Nextcloud · Nextcloud Server · CVE-2024-22403
**Name of the Vulnerable Software and Affected Versions**
Nextcloud Server versions prior to 28.0.0
**Description**
The issue concerns the expiration of OAuth codes in Nextcloud Server, a self-hosted personal cloud system. In affected versions, OAuth authorization codes did not expire, so an attacker who obtains an authorization code can use it to authenticate at any later time. To exploit this, an attacker would first need to intercept an OAuth code from a user session. As of version 28.0.0, OAuth codes are invalidated after 10 minutes and can no longer be used to authenticate.
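To make the defect and the fix concrete, here is an added illustration (not Nextcloud's code; class names, the `client_id` binding and the `alice`/`client-app` sample values are this example's own). It places an authorization-code store with no lifetime check beside one that rejects codes older than the 10-minute limit described above. The single-use check in the hardened store goes beyond what the advisory states; it is the behaviour RFC 6749 requires of authorization codes and is the natural companion to a short lifetime.

```python
"""Authorization-code lifetime: an unexpiring store next to one with a 10-minute TTL.

Constructed illustration only; names and structure are this example's, not Nextcloud's.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

CODE_TTL_SECONDS = 10 * 60  # the 10-minute lifetime the advisory describes for 28.0.0


@dataclass
class AuthCode:
    client_id: str
    user_id: str
    issued_at: float


class UnexpiringCodeStore:
    """Models the affected behaviour: a code stays valid indefinitely once issued."""

    def __init__(self) -> None:
        self._codes: Dict[str, AuthCode] = {}

    def issue(self, client_id: str, user_id: str, now: Optional[float] = None) -> str:
        code = secrets.token_urlsafe(32)  # unguessable, but that alone does not bound its lifetime
        self._codes[code] = AuthCode(client_id, user_id, now if now is not None else time.time())
        return code

    def redeem(self, code: str, client_id: str, now: Optional[float] = None) -> Optional[str]:
        entry = self._codes.get(code)
        if entry is None or entry.client_id != client_id:
            return None
        # No expiry and no single-use check: a code captured at any point keeps working.
        return entry.user_id


class ExpiringCodeStore(UnexpiringCodeStore):
    """Hardened behaviour: codes expire after CODE_TTL_SECONDS and can be redeemed once."""

    def redeem(self, code: str, client_id: str, now: Optional[float] = None) -> Optional[str]:
        now = now if now is not None else time.time()
        # pop() makes the code single-use: any second presentation fails, expired or not.
        entry = self._codes.pop(code, None)
        if entry is None or entry.client_id != client_id:
            return None
        if now - entry.issued_at > CODE_TTL_SECONDS:
            return None  # expired: treated exactly like an unknown code
        return entry.user_id

    def purge_expired(self, now: Optional[float] = None) -> int:
        """Drop stale codes so the store does not grow without bound; returns the count removed."""
        now = now if now is not None else time.time()
        stale = [c for c, e in self._codes.items() if now - e.issued_at > CODE_TTL_SECONDS]
        for c in stale:
            del self._codes[c]
        return len(stale)


def compare_stores(delay_seconds: float) -> Dict[str, Optional[str]]:
    """Issue one code in each store at t=0 and redeem it after `delay_seconds`.

    Returns the user each store authenticates, or None where the code is refused.
    """
    results: Dict[str, Optional[str]] = {}
    for name, store in (("unexpiring", UnexpiringCodeStore()), ("expiring", ExpiringCodeStore())):
        code = store.issue("client-app", "alice", now=0.0)  # constructed sample values
        results[name] = store.redeem(code, "client-app", now=delay_seconds)
    return results


if __name__ == "__main__":
    print("redeemed after 5 min:", compare_stores(5 * 60))
    print("redeemed after 11 min:", compare_stores(11 * 60))
```

Running the script shows both stores accepting the code after five minutes, while only the unexpiring store still accepts it after eleven; that second line is the pre-28.0.0 behaviour. Passing `now` explicitly keeps the check testable without sleeping; in production the default wall-clock value is used, and `purge_expired` is the housekeeping that a bounded lifetime makes possible in the first place.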
**Recommendations**
For versions prior to 28.0.0, it is recommended to upgrade Nextcloud Server to 28.0.0, as there are no known workarounds for this issue.