CVE-2023-39954

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 10, 2023
Updated: Aug 16, 2023
CWE ID 311

Summary

CVE-2023-39954 affects user_oidc, the OpenID Connect user backend for Nextcloud. Versions prior to 1.3.3 are vulnerable: an attacker with read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. This vulnerability can lead to serious security consequences. There is no known workaround other than upgrading to version 1.3.3, which contains a patch. Users of Nextcloud with user_oidc installed are strongly encouraged to apply the update as soon as possible.
