CVE-2023-39954
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Aug 10, 2023
Updated: Aug 16, 2023
CWE ID 311
Summary
CVE-2023-39954 affects the user_oidc package, the OpenID Connect user backend for Nextcloud. In versions prior to 1.3.3, an attacker with read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. This vulnerability can lead to serious security consequences, and there is currently no known workaround other than upgrading to version 1.3.3, which contains a patch. Users of Nextcloud with user_oidc installed are strongly encouraged to apply the update as soon as possible.
Affected Vendors
- Nextcloud GmbH