CVE-2023-32074 - Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud User Oidc
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
The user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication in the user_oidc app can be broken or bypassed. It is recommended that the Nextcloud user_oidc app be upgraded to 1.3.2.
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x8mc-84wj-rf34
- https://github.com/nextcloud/user_oidc/pull/615
- https://hackerone.com/reports/1954711