CVE-2023-39953

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published: Aug 10, 2023
Updated: Aug 16, 2023
CWE ID: 303

Summary

CVE-2023-39953 affects the user_oidc package used in Nextcloud, an open-source cloud platform. In versions prior to 1.3.3, a man-in-the-middle attacker could intercept OIDC (OpenID Connect) tokens and corrupt or replace them. Because issuer verification could be bypassed, the attacker could impersonate a trusted entity and gain unauthorized access. The latest version, 1.3.3, includes a patch that resolves the issue; no known workarounds are currently available.
