
CSRF protection on user_oidc login returned the expected token in case of an error

Moderate
nickvergessen published GHSA-52hv-xw32-wf7f Apr 4, 2023

Package

user_oidc (Nextcloud)

Affected versions

>= 1.0.0

Patched versions

1.3.0

Description

Impact

When the `state` parameter sent to the user_oidc login callback did not match the value stored for the session, the error response included the expected state token. This effectively allowed an attacker to bypass the state (CSRF) protection: after a first request with a wrong state, they could copy the expected token from the error message into a second request, which would then pass the check.
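The following is an added illustration of the failure pattern described above, not code from user_oidc or Nextcloud. It models the `state` check of an OIDC callback in two variants: one whose error message echoes the expected token, and a hardened one that returns a generic error and compares in constant time. Function and session names (`begin_login`, `vulnerable_callback`, `fixed_callback`, `attacker_replay`, the `oidc.state` session key) are hypothetical, and the request/response shapes are constructed for the demo.

```python
"""Constructed demo of a leaky OIDC `state` check and its hardened form.

Not the user_oidc implementation; all names here are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session of one browser (constructed stand-in)."""
    data: dict = field(default_factory=dict)


def begin_login(session: Session) -> str:
    """Store a fresh random state in the session; return the authorize URL."""
    state = secrets.token_urlsafe(32)
    session.data["oidc.state"] = state
    return f"https://idp.example/authorize?state={state}"


def vulnerable_callback(session: Session, state: str, code: str) -> tuple[int, str]:
    """Leaky check: on mismatch the expected token ends up in the error body."""
    expected = session.data.get("oidc.state")
    if expected is None or state != expected:
        # BUG: the value the attacker needs is written into the response.
        return 400, f"Invalid state, expected {expected!r} but got {state!r}"
    del session.data["oidc.state"]
    return 200, f"logged in with code {code}"


def fixed_callback(session: Session, state: str, code: str) -> tuple[int, str]:
    """Hardened check: generic error, constant-time compare, state cleared on success."""
    expected = session.data.get("oidc.state")
    if expected is None or not hmac.compare_digest(expected.encode(), state.encode()):
        # The response says nothing about what was expected.
        return 400, "Invalid state"
    del session.data["oidc.state"]
    return 200, f"logged in with code {code}"


def attacker_replay(callback, session: Session) -> tuple[int, str]:
    """Two-request attack: send a wrong state, read any leaked token, replay it.

    Assumes the attacker can read the first error response (the precondition
    for the bypass). Returns the outcome of the second request.
    """
    status, body = callback(session, state="guess", code="attacker-code")
    if status != 400:
        return status, body
    marker = "expected "
    if marker not in body:
        # Nothing leaked: the second attempt is just another blind guess.
        return callback(session, state="guess-again", code="attacker-code")
    leaked = body.split(marker, 1)[1].split(" but got", 1)[0].strip("'")
    return callback(session, state=leaked, code="attacker-code")


if __name__ == "__main__":
    victim = Session()
    begin_login(victim)
    print("vulnerable:", attacker_replay(vulnerable_callback, victim))
    victim = Session()
    begin_login(victim)
    print("fixed:     ", attacker_replay(fixed_callback, victim))
```

Against `vulnerable_callback` the attacker's second request is accepted; against `fixed_callback` both requests are rejected and the legitimate flow (the browser that started the login presenting its own state) still succeeds. The fix is the absence of the token from the error path, not the constant-time compare, which is included only because a state check should have it anyway.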

Patches

It is recommended that user_oidc is upgraded to 1.3.0.

Workarounds

No workaround is available.

References


Severity

Moderate
4.8 / 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
High
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVE ID

CVE-2023-28848

Weaknesses