CVE-2024-22400
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-22400
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22400.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-22400
- Aliases
-
- GHSA-622q-xhfr-xmv7
- Published
- 2024-01-18T19:21:06.618Z
- Modified
- 2025-12-05T03:12:51.488280Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Open redirect in user_saml via RelayState parameter in Nextcloud User Saml
- Details
-
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-601" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22400.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22400.json
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7
- https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a
- https://github.com/nextcloud/user_saml/pull/788
- https://hackerone.com/reports/2263044
- https://nvd.nist.gov/vuln/detail/CVE-2024-22400