Vulnerability Description
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Sso \& Saml Authentication | >= 5.0.0, < 5.1.5 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xVendor Advisory
- https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2Patch
- https://github.com/nextcloud/user_saml/pull/788Patch
- https://hackerone.com/reports/2263044Permissions RequiredThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xVendor Advisory
- https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2Patch
- https://github.com/nextcloud/user_saml/pull/788Patch
- https://hackerone.com/reports/2263044Permissions RequiredThird Party Advisory
FAQ
What is CVE-2024-22400?
CVE-2024-22400 is a vulnerability with a CVSS score of 3.1 (LOW). Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It i...
How severe is CVE-2024-22400?
CVE-2024-22400 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22400?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Sso \& Saml Authentication.