5.4
CVE-2024-37886
- EPSS 0.59%
- Veröffentlicht 14.06.2024 16:15:13
- Zuletzt bearbeitet 14.08.2025 19:03:04
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud user_oidc's ID4me does not validate signature or expiration
ID4me does not validate signature or expiration
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
Mögliche Gegenmaßnahme
user_oidc: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
user_oidc
Version
>= 0.0.0, < 1.3.5
Version
>= 2.0.0, < 2.0.0
Version
>= 3.0.0, < 3.0.0
Version
>= 4.0.0, < 4.0.0
Version
>= 5.0.0, < 5.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.688 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
|
| security-advisories@github.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.