PT-2024-35351 · Nextcloud · Nextcloud User Oidc
Kesselb · Published 2024-11-15 · Updated 2025-08-15 · CVE-2024-52512
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud User OIDC app versions prior to 6.1.0
Description
A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. This issue is related to the user oidc app, an OpenID Connect user backend for Nextcloud.
Recommendations
Upgrade the Nextcloud User OIDC app from any version prior to 6.1.0 to version 6.1.0 to resolve the issue.
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud User Oidc