user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
References
Configurations
No configuration.
History
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 16:15
Updated : 2024-06-17 12:42
NVD link : CVE-2024-37886
Mitre link : CVE-2024-37886
CVE.ORG link : CVE-2024-37886
JSON object : View
Products Affected
No product.
CWE
CWE-347
Improper Verification of Cryptographic Signature