OpenID Connect User Backend Vulnerability in Nextcloud
CVE-2024-52512
Currently unrated
What is CVE-2024-52512?
The user_oidc application, an OpenID Connect backend for Nextcloud, is susceptible to a vulnerability that allows a malicious user to create a malformed login link. This manipulated link, when accessed, can redirect the authenticated user to an arbitrary URL. To mitigate this issue, it is crucial to upgrade the user_oidc app to version 6.1.0 or later, thus preventing potential exploitation and ensuring a secure authentication process.