PT-2023-27171 · Nextcloud

Rullzer · Published 2023-08-10 · Updated 2023-08-16

CVE-2023-39954
CVSS v3.1: 3.8 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: user oidc, versions 1.0.0 through 1.3.2

Description: The issue affects the user oidc app, which provides the OpenID Connect (OIDC) user backend for Nextcloud, an open-source cloud platform. An attacker with at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers.

Recommendations: For versions 1.0.0 through 1.3.2, update to version 1.3.3, which contains a patch for the issue. As a temporary workaround, restrict access to the database to minimize the risk of exploitation.


Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2023-39954, GHSA-3F92-5C8P-F6GQ

Affected Products: Nextcloud, User Oidc