Open redirect in user_saml via RelayState parameter in Nextcloud User Saml
CVE-2024-22400
3.1LOW
What is CVE-2024-22400?
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
security-advisories >= 5.0.0, < 5.1.5 < 5.0.0, 5.1.5
security-advisories >= 5.2.0, < 5.2.5 < 5.2.0, 5.2.5
security-advisories >= 6.0.0, < 6.0.1 < 6.0.0, 6.0.1
References
CVSS V3.1
Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved