CVE-2023-39953

CVSS V2 None CVSS V3 None
Description
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Overview
  • CVE ID
  • CVE-2023-39953
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-08-10T14:15:15
  • Last Modified Date
  • 2023-08-16T19:10:58
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:* 1 OR 1.0.0 1.3.3
History
Created Old Value New Value Data Type Notes
2023-09-06 03:29:41 Added to TrackCVE
2023-09-06 03:29:44 Weakness Enumeration new