CVSS 3.1 Score 3.7 of 10 (low)


Published Jan 18, 2024
Updated: Jan 26, 2024
CWE ID 613


CVE-2024-22403 affects Nextcloud Server, a self-hosted personal cloud system. In affected versions, OAuth codes do not expire, so an attacker who gains access to an authorization code can authenticate with it at any time. This poses a risk to organizations because it allows unauthorized access to user sessions. To remediate the issue, upgrade Nextcloud Server to version 28.0.0, in which OAuth codes are invalidated after 10 minutes and can no longer be used to authenticate. There are no known workarounds. The base severity is rated low, with a base score of 3.7 according to the NIST Common Vulnerability Scoring System (CVSS).
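The difference between the affected and fixed behaviour can be shown with a small authorization-code store. This is an added example, not Nextcloud's code: `AuthCodeStore`, `FakeClock`, `redeem_after` and the sample user and client names are hypothetical, and single-use redemption is an assumption of the sketch.

```python
import secrets
import time

CODE_TTL_SECONDS = 10 * 60  # the 10-minute lifetime described for the fixed release


class FakeClock:
    """Controllable clock so the demo does not have to sleep."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class AuthCodeStore:
    """Hypothetical in-memory authorization-code store (not Nextcloud code)."""
    def __init__(self, enforce_expiry, clock=time.time):
        self.enforce_expiry = enforce_expiry
        self.clock = clock
        self._codes = {}  # code -> (user_id, client_id, issued_at)

    def issue(self, user_id, client_id):
        code = secrets.token_urlsafe(32)
        self._codes[code] = (user_id, client_id, self.clock())
        return code

    def redeem(self, code, client_id):
        """Return the user the code was issued for, or None if rejected."""
        record = self._codes.pop(code, None)  # assumed single use, whatever the outcome
        if record is None:
            return None
        user_id, issued_to, issued_at = record
        if issued_to != client_id:
            return None
        if self.enforce_expiry and self.clock() - issued_at > CODE_TTL_SECONDS:
            return None  # expiry check (CWE-613): stale codes no longer authenticate
        return user_id


def redeem_after(delay_seconds, enforce_expiry):
    """Issue a code, let delay_seconds pass, then try to exchange it."""
    clock = FakeClock()
    store = AuthCodeStore(enforce_expiry, clock)
    code = store.issue("alice", "client-1")  # constructed sample values
    clock.now += delay_seconds
    return store.redeem(code, "client-1")


if __name__ == "__main__":
    month = 30 * 24 * 3600
    print("no expiry, 30 days:", redeem_after(month, False))
    print("10 min TTL, 30 days:", redeem_after(month, True))
    print("10 min TTL, 60 s:", redeem_after(60, True))
```

With `enforce_expiry=False` a code issued a month earlier still authenticates, which is the affected behaviour; with the expiry check only a code younger than the TTL is accepted.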
