CVE Vulnerabilities

CVE-2024-37886

Improper Verification of Cryptographic Signature

Published: Jun 14, 2024 | Modified: Aug 14, 2025
CVSS 3.x
4.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
User_oidc Nextcloud * 1.3.5 (excluding)

References