CVE-2024-22400
CVSS V2 None
CVSS V3 None
Description
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
Overview
- CVE ID
- CVE-2024-22400
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-18T19:21:06.618Z
- Last Modified Date
- 2024-01-18T19:21:06.618Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7 | x_refsource_CONFIRM |
| https://github.com/nextcloud/user_saml/pull/788 | x_refsource_MISC |
| https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a | x_refsource_MISC |
| https://hackerone.com/reports/2263044 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-22400 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22400 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 09:31:31 | Added to TrackCVE |