Vulnerability Description
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | User Oidc | < 1.3.5 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw5h-2 (Vendor Advisory)
- https://github.com/nextcloud/user_oidc/pull/715 (Issue Tracking, Patch)
- https://hackerone.com/reports/1878391 (Issue Tracking)
FAQ
What is CVE-2024-37886?
CVE-2024-37886 is a vulnerability with a CVSS score of 5.4 (MEDIUM). user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the...
How severe is CVE-2024-37886?
CVE-2024-37886 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37886?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud User Oidc.