CVE-2024-22400

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22400
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7 Vendor Advisory
https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a Patch
https://github.com/nextcloud/user_saml/pull/788 Patch
https://hackerone.com/reports/2263044 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:sso_\&_saml_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:sso_\&_saml_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:sso_\&_saml_authentication:6.0.0:*:*:*:*:*:*:*
History

26 Jan 2024, 20:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.1 		v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:nextcloud:sso_\&_saml_authentication:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:sso_\&_saml_authentication:6.0.0:*:*:*:*:*:*:*
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7 - () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7 - Vendor Advisory
References () https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a - () https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a - Patch
References () https://github.com/nextcloud/user_saml/pull/788 - () https://github.com/nextcloud/user_saml/pull/788 - Patch
References () https://hackerone.com/reports/2263044 - () https://hackerone.com/reports/2263044 - Permissions Required, Third Party Advisory
First Time Nextcloud sso \& Saml Authentication
Nextcloud
Summary
  • (es) Nextcloud User Saml es una aplicación para autenticar a los usuarios de Nextcloud mediante SAML. En las versiones afectadas, a los usuarios se les puede proporcionar un enlace al servidor de Nextcloud y terminar en un servidor de terceros no controlado. Se recomienda actualizar la aplicación User Saml a la versión 5.1.5, 5.2.5 o 6.0.1. No se conocen workarounds para este problema.

18 Jan 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-18 20:15

Updated : 2024-01-26 20:55

NVD link : CVE-2024-22400

Mitre link : CVE-2024-22400

CVE.ORG link : CVE-2024-22400

JSON object : View

Products Affected

nextcloud

  • sso_\&_saml_authentication
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')