Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open redirect in user_saml via RelayState parameter in Nextcloud User Saml
Vulnerability Description
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Nextcloud 输入验证错误漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud User Saml存在输入验证错误漏洞,该漏洞源于允许攻击者通过RelayState参数在user_saml中打开重定向。受影响的产品和版本:Nextcloud User Saml 5.0.0及更高版本,5.1.0及更高版本,5.2.0及更高版本,6.0.0及更高版本。
CVSS Information
N/A
Vulnerability Type
N/A