Nextcloud User Oidc vulnerabilities

CVE-2024-52512 [MEDIUM] CWE-601 CVE-2024-52512: user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malform user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.

CVE-2024-37886 [MEDIUM] CWE-347 CVE-2024-37886: user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick t user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.

CVE-2024-37312 [MEDIUM] CWE-284 CVE-2024-37312: user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me e user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0

CVE-2023-39954 [HIGH] CWE-311 CVE-2023-39954: user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Start user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are availab

CVE-2023-39953 [MEDIUM] CWE-303 CVE-2023-39953: user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Start user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No

CVE-2023-32074 [CRITICAL] CWE-307 CVE-2023-32074: user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2

CVE-2023-28848 [MEDIUM] CWE-352 CVE-2023-28848: user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A v user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to recei