PT-2024-19391 · Nextcloud · Nextcloud User Saml
Ry0Tak · Published 2024-01-18 · Updated 2024-01-26
CVE-2024-22400
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud User Saml versions prior to 5.1.5
Nextcloud User Saml versions prior to 5.2.5
Nextcloud User Saml versions prior to 6.0.1
Description
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions, users can be given a link to the Nextcloud server and end up on an uncontrolled third-party server.
Recommendations
For versions prior to 5.1.5, upgrade to version 5.1.5 or later.
For versions prior to 5.2.5, upgrade to version 5.2.5 or later.
For versions prior to 6.0.1, upgrade to version 6.0.1 or later.
As a temporary workaround, consider restricting access to the SAML authentication feature until a patch is available.
Exploit
Fix
Open Redirect
Affected Products
Nextcloud User Saml