VYPR
Unrated severity · NVD Advisory · Published Apr 4, 2023 · Updated Feb 11, 2025

CSRF protection on user_oidc login returned the expected token in case of an error

CVE-2023-28848

Description

In Nextcloud user_oidc plugin 1.0.0-1.3.0, CSRF protection leaks expected state token, allowing token reuse and authentication bypass.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In versions 1.0.0 to 1.3.0 of the Nextcloud user_oidc OIDC connector, the CSRF protection mechanism improperly exposes the expected state token in error responses. An attacker who captures that token from the first OIDC login request can reuse it in a second request and thereby bypass state validation. [1][2]

Exploitation

The attacker must be able to intercept or observe the network traffic of a legitimate user initiating an OIDC login. By capturing the initial request containing the expected state token, the attacker can craft a second authentication request with the same token, bypassing the CSRF protection. No user interaction beyond the initial login attempt is required.

Impact

Successful exploitation allows an attacker to bypass CSRF protection and potentially authenticate as the victim user via OIDC, leading to unauthorized access to the victim's Nextcloud account. The confidentiality and integrity of user data may be compromised.

Mitigation

The vulnerability is fixed in user_oidc version 1.3.0. Users should upgrade to this version immediately. No known workarounds are available. [1][2]
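The two patterns described above (an error path that echoes the expected state token, and a fixed check that does not), shown side by side as an added illustration. This is constructed example code, not user_oidc's own implementation: the session dictionary, the function names and the message texts are assumptions made for the demonstration. The hardened variant also goes slightly beyond the page by consuming the state on first use, so a captured token cannot be replayed even if it were disclosed some other way.

```python
import hmac
import secrets

# Constructed, illustrative session store: a plain dict standing in for the
# server-side session of one browser (assumption, not user_oidc's storage).


def start_login(session: dict) -> str:
    """Issue a fresh, unguessable state value and remember it server-side."""
    state = secrets.token_urlsafe(32)
    session["oidc_state"] = state
    return state


def vulnerable_callback(session: dict, presented_state: str) -> tuple:
    """Weak pattern: the error branch returns the expected token to the caller.

    Anyone who can read this error response learns the value needed to pass
    the state check on a second request.
    """
    expected = session.get("oidc_state")
    if presented_state != expected:
        return False, f"state mismatch: expected {expected}"   # leaks the token
    return True, "login ok"


def hardened_callback(session: dict, presented_state: str) -> tuple:
    """Fixed pattern: generic error text, constant-time compare, single-use state."""
    # Consume the stored state whatever the outcome, so the same value can
    # never satisfy a second callback.
    expected = session.pop("oidc_state", None)
    if expected is None:
        return False, "state mismatch"
    # Compare as bytes in constant time; hmac.compare_digest rejects
    # non-ASCII str input, so encode both sides first.
    if not hmac.compare_digest(presented_state.encode("utf-8"),
                               expected.encode("utf-8")):
        return False, "state mismatch"   # no secret material in the message
    return True, "login ok"


def error_leaks_state(callback) -> bool:
    """Return True if the callback's error message discloses the expected state."""
    session = {}
    expected = start_login(session)
    ok, message = callback(session, "not-the-right-state")
    return (not ok) and expected in message


def state_is_reusable(callback) -> bool:
    """Return True if a state value accepted once is accepted again."""
    session = {}
    state = start_login(session)
    first_ok, _ = callback(session, state)
    second_ok, _ = callback(session, state)
    return first_ok and second_ok


if __name__ == "__main__":
    print("vulnerable leaks state:", error_leaks_state(vulnerable_callback))
    print("hardened leaks state:  ", error_leaks_state(hardened_callback))
    print("vulnerable reusable:   ", state_is_reusable(vulnerable_callback))
    print("hardened reusable:     ", state_is_reusable(hardened_callback))
```

The check worth carrying into a code review is the first helper: feed a deliberately wrong state to the callback and grep the error response for the stored value. The second helper covers the reuse half of the advisory; a state value should be accepted at most once per login attempt.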

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Range: >=1.0.0, <1.3.0
  • nextcloud/security-advisoriesv5
    Range: >= 1.0.0, < 1.3.0

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (3)

News mentions (0)

No linked articles in our index yet.