Nextcloud User Oidc
By the Year
In 2024 there have been 0 vulnerabilities in Nextcloud User Oidc . Last year User Oidc had 4 security vulnerabilities published. Right now, User Oidc is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 4 | 7.03 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new User Oidc vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nextcloud User Oidc Security Vulnerabilities
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform
CVE-2023-39954
8.1 - High
- August 10, 2023
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Missing Encryption of Sensitive Data
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform
CVE-2023-39953
4.8 - Medium
- August 10, 2023
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Incorrect Implementation of Authentication Algorithm
user_oidc app is an OpenID Connect user backend for Nextcloud
CVE-2023-32074
9.8 - Critical
- May 25, 2023
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2
Improper Restriction of Excessive Authentication Attempts
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform
CVE-2023-28848
5.4 - Medium
- April 04, 2023
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nextcloud User Oidc or by Nextcloud? Click the Watch button to subscribe.