Vulnerability Information
Vulnerability Title
CSRF protection on user_oidc login returned the expected token in case of an error
Vulnerability Description
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
user_oidc cross-site request forgery vulnerability
Vulnerability Description
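Nextcloud user_oidc is an application from the German company Nextcloud. user_oidc versions 1.0.0 through 1.3.0 contain a cross-site request forgery vulnerability, which stems from the application copying the expected state token from the first request to the second request.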
CVSS Information
N/A
Vulnerability Type
N/A