CVE-2024-22400

Summary

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 5.0.0, < 5.1.5affected
nextcloudsecurity-advisories>= 5.2.0, < 5.2.5affected
nextcloudsecurity-advisories>= 6.0.0, < 6.0.1affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References