cbcvebase.
CVE-2024-37886
published 2024-06-14

CVE-2024-37886: user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the…

PriorityP421medium4.7CVSS 3.1
AVNACLPRNUIRSCCNILAN
EPSS
0.24%
15.0th percentile
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.

Affected

2 ranges
VendorProductVersion rangeFixed in
nextcloudsecurity-advisories< 1.3.51.3.5
nextclouduser_oidc< 1.3.51.3.5
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.