PT-2024-27811 · Nextcloud · Nextcloud User Oidc

Mikaelgundersen · Published 2024-06-14 · Updated 2025-08-14 · CVE-2024-37886

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Nextcloud user oidc app versions prior to 1.3.5
Nextcloud user oidc app versions prior to 2.0.0
Nextcloud user oidc app versions prior to 3.0.0
Nextcloud user oidc app versions prior to 4.0.0
Nextcloud user oidc app versions prior to 5.0.0

Description
The user oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server.

Recommendations
For versions prior to 1.3.5, upgrade to version 1.3.5 or later.
For versions prior to 2.0.0, upgrade to version 2.0.0 or later.
For versions prior to 3.0.0, upgrade to version 3.0.0 or later.
For versions prior to 4.0.0, upgrade to version 4.0.0 or later.
For versions prior to 5.0.0, upgrade to version 5.0.0 or later.

Exploit

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

CVE-2024-37886
GHSA-VW5H-29XF-G55G

Affected Products

Nextcloud User Oidc