Home > Vulnerability Database > CVE-2024-37312

Mend.io Vulnerability Database

CVE-2024-37312

Good to know:

Date: June 14, 2024

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0 (Nextcloud 25-28).

Language: PHP

Severity Score

6.3

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw7g-959g-vj6q

Url: https://github.com/nextcloud/user_oidc/commit/9f68a716ecd264160a7c098b8840313f1ac855f2

Url: https://hackerone.com/reports/2376929

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37312

Url: https://www.mend.io/vulnerability-database/CVE-2024-37312

Severity Score

6.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v1.3.7

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37312

Good to know:

Date: June 14, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?