CVE-2023-28848 — Cross-Site Request Forgery in User Oidc

CWE-352 — Cross-Site Request Forgery CWE-94 — Code Injection3 documents3 sources

Severity

5.4MEDIUMNVD

CNA4.8

EPSS

0.2%

top 54.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud User Oidc Nextcloud Security-advisories

Timeline

PublishedApr 4

Latest updateApr 24

Description

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDnextcloud/user_oidc1.0.0 — 1.3.0

▶CVEListV5nextcloud/security-advisories>= 1.0.0, < 1.3.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)↗2024-04-24

▶

CVEList

CSRF protection on user_oidc login returned the expected token in case of an error↗2023-04-04

▶