Source |
CVE List |
Identifier |
8368485 |
Publication date |
2023-08-10 14:15:15 (seen: 2023-08-10 17:07:07) |
Title |
CVE-2023-39953 |
Text |
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available. |
Sent |
Yes |
Digest |
2023 39953 access allowed also are attack attacker available backend cloud connect contains corrupted cve have issuer known man middle missing nextcloud oidc open patch perform platform prior provides returning source starting token user verification version workarounds would |
Tags |
Cloud
|