Vulnerability Details CVE-2024-22400
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 3.1
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7
- https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a
- https://github.com/nextcloud/user_saml/pull/788
- https://hackerone.com/reports/2263044
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7
- https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a
- https://github.com/nextcloud/user_saml/pull/788
- https://hackerone.com/reports/2263044
Products affected by CVE-2024-22400
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.0.0
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.0.1
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.0.2
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.0.3
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.1.0
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.1.1
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.1.2
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.1.3
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.1.4
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.2.0
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.2.1
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.2.2
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.2.3
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:5.2.4
-
cpe:2.3:a:nextcloud:sso_&_saml_authentication:6.0.0