CVE-2023-28848 - OpenCVE

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nextcloud	User Oidc

Configuration 1 [-]

cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f	Vendor Advisory
https://github.com/nextcloud/user_oidc/pull/580	Patch Vendor Advisory
https://hackerone.com/reports/1878381	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-04T12:38:31.201Z

Updated: 2023-04-04T12:38:31.201Z

Reserved: 2023-03-24T16:25:34.467Z

Link: CVE-2023-28848

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-04T13:15:08.797

Modified: 2023-04-10T17:37:52.570

Link: CVE-2023-28848

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-28848", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-24T16:25:34.467Z", "datePublished": "2023-04-04T12:38:31.201Z", "dateUpdated": "2023-04-04T12:38:31.201Z"}, "containers": {"cna": {"title": "CSRF protection on user_oidc login returned the expected token in case of an error", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f"}, {"name": "https://github.com/nextcloud/user_oidc/pull/580", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/user_oidc/pull/580"}, {"name": "https://hackerone.com/reports/1878381", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1878381"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 1.0.0, < 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-04T12:38:31.201Z"}, "descriptions": [{"lang": "en", "value": "user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available."}], "source": {"advisory": "GHSA-52hv-xw32-wf7f", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:*", "matchCriteriaId": "A40E2FB4-3276-4DBF-B194-DB09CBF65201", "versionEndExcluding": "1.3.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available."}], "id": "CVE-2023-28848", "lastModified": "2023-04-10T17:37:52.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-04-04T13:15:08.797", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/nextcloud/user_oidc/pull/580"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/1878381"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}]}