CVE-2023-39954

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-39954

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39954.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39954

Related

GHSA-3f92-5c8p-f6gq

Published

2023-08-10T15:15:09Z

Modified

2025-01-14T11:53:51.973071Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. useroidc 1.3.3 contains a patch. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/user_oidc

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/user_oidc
Events: Introduced

2b27bd81899d8607f82ad41c2831bef91db835a5

Fixed

3ff24f81b96792d96a2647d7b1f857b891c84643

Affected versions

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2