CVE-2024-37312
published 2024-06-14


Priority: P4 | 31 | medium | 6.3 (CVSS 3.1)
Vector: AV:A / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 0.64% (46.0th percentile)

The user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account, eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nextcloud 24) or 5.0.0 (Nextcloud 25-28).

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | security-advisories | <= 1.3.6 | |
| nextcloud | user_oidc | < 5.0.0 | 5.0.0 |