CVE-2023-39953
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Aug 10, 2023
Updated: Aug 16, 2023
CWE ID 303
Summary
CVE-2023-39953 affects the user_oidc package used in Nextcloud, an open-source cloud platform. Prior to version 1.3.3, this vulnerability allowed a man-in-the-middle attacker to intercept and corrupt or replace OIDC (OpenID Connect) tokens. By bypassing the issuer verification process, an attacker could impersonate a trusted entity and gain unauthorized access. The latest version, 1.3.3, includes a patch to resolve this issue, and no known workarounds are currently available.
Affected Vendors
- Nextcloud GmbH