PT-2023-23585 · Nextcloud · User Oidc
Nickvergessen · Published 2023-05-25 · Updated 2023-06-01
CVE-2023-32074
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
user oidc app versions prior to 1.3.2
Description
The user oidc app, an OpenID Connect user backend for Nextcloud, has an issue where authentication can be broken or bypassed.
Recommendations
For versions prior to 1.3.2, upgrade the Nextcloud user oidc app to version 1.3.2.
Exploit
Fix
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related Identifiers
Affected Products
User Oidc