CVE-2024-22400 - Unspecified vulnerability in Nextcloud SSO & Saml Authentication
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
Summary
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions, users can be given a link to the Nextcloud server and end up on an uncontrolled third-party server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
Vulnerable Configurations
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7
- https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a
- https://github.com/nextcloud/user_saml/pull/788
- https://hackerone.com/reports/2263044