Medium severity6.3NVD Advisory· Published Jun 14, 2024· Updated Jun 17, 2026
CVE-2024-37312
CVE-2024-37312
Description
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0 (Nextcloud 25-28).
Affected products
2- nextcloud/security-advisoriesv5Range: <= 1.3.6
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/user_oidc/commit/9f68a716ecd264160a7c098b8840313f1ac855f2nvdPatch
- hackerone.com/reports/2376929nvdExploitThird Party Advisory
- github.com/nextcloud/security-advisories/security/advisories/GHSA-vw7g-959g-vj6qnvdVendor Advisory
News mentions
0No linked articles in our index yet.