CVE-2023-28848
published 2023-04-04


Priority: P4 26
Severity: medium (CVSS 3.1 base score 5.4)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.33% (25.0th percentile)
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.
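The defect described above is a state check that can be satisfied by replaying a state value taken from an earlier request. The following added example (illustrative code, not the user_oidc implementation) contrasts a replayable check with one that binds the state to the caller's session and consumes it on first use; the class and method names are assumptions.

```python
import hmac
import secrets


class ReplayableStateCheck:
    """Illustrative weak check (hypothetical, not user_oidc's code): any state
    ever issued is accepted, from any session, as many times as presented.
    A value copied from a first login request still validates in a second."""

    def __init__(self):
        self._issued = set()

    def start_login(self):
        state = secrets.token_urlsafe(32)
        self._issued.add(state)
        return state

    def validate_callback(self, presented_state):
        # Not tied to a session and never consumed, so it can be replayed.
        return presented_state in self._issued


class SessionBoundStateCheck:
    """Hardened form: one pending state per session, consumed on validation."""

    def __init__(self):
        # session_id -> pending state; constructed in-memory stand-in for a
        # server-side session store.
        self._pending = {}

    def start_login(self, session_id):
        state = secrets.token_urlsafe(32)
        self._pending[session_id] = state
        return state

    def validate_callback(self, session_id, presented_state):
        # pop() removes the pending value whether or not the check succeeds,
        # so a second callback with the same state cannot pass.
        expected = self._pending.pop(session_id, None)
        if expected is None or presented_state is None:
            return False
        # Constant-time comparison avoids leaking the expected value via timing.
        return hmac.compare_digest(expected, presented_state)
```

A callback presenting a state minted for a different session, or presenting a state a second time, is rejected by the session-bound check.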

Affected (2 ranges)

Vendor      Product               Version range        Fixed in
nextcloud   security-advisories   -                    -
nextcloud   user_oidc             >= 1.0.0 < 1.3.0     1.3.0