6.1
CVE-2024-22400
- EPSS 0.27%
- Veröffentlicht 18.01.2024 20:15:08
- Zuletzt bearbeitet 21.11.2024 08:56:12
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpen redirect in user_saml via RelayState parameter in Nextcloud User Saml
Open redirect in user_saml via RelayState parameter
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
Mögliche Gegenmaßnahme
User Saml: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Sso & Saml Authentication Version >= 5.0.0 < 5.1.5
Nextcloud ≫ Sso & Saml Authentication Version >= 5.2.0 < 5.2.5
Nextcloud ≫ Sso & Saml Authentication Version6.0.0
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
User Saml
Version
>= 5.0.0, < 5.1.5
Version
>= 5.2.0, < 5.2.5
Version
>= 6.0.0, < 6.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.499 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| security-advisories@github.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.