CVE-2024-52512

user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-784j-x2g5-4g7q	Vendor Advisory
https://github.com/nextcloud/user_oidc/commit/c923428d51972f6d04636c6accbecdec0c1b88e9	Patch
https://github.com/nextcloud/user_oidc/pull/961	Issue Tracking VDB Entry
https://hackerone.com/reports/2720030	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-15 18:15

Updated : 2025-08-15 13:53

NVD link : CVE-2024-52512

Mitre link : CVE-2024-52512

CVE.ORG link : CVE-2024-52512

JSON object : View

Products Affected

nextcloud

user_oidc

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2024-52512", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-11-15T18:15:29.933", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-784j-x2g5-4g7q", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/nextcloud/user_oidc/commit/c923428d51972f6d04636c6accbecdec0c1b88e9", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/nextcloud/user_oidc/pull/961", "tags": ["Issue Tracking", "VDB Entry"], "source": "[email protected]"}, {"url": "https://hackerone.com/reports/2720030", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0."}, {"lang": "es", "value": "La aplicaci\u00f3n user_oidc es un backend de usuario de OpenID Connect para Nextcloud. Un usuario malintencionado podr\u00eda enviar un enlace de inicio de sesi\u00f3n mal formado que redirigir\u00eda al usuario a una URL proporcionada despu\u00e9s de autenticarse correctamente. Se recomienda que la aplicaci\u00f3n User OIDC de Nextcloud se actualice a la versi\u00f3n 6.1.0."}], "lastModified": "2025-08-15T13:53:22.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:user_oidc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83553E2D-783A-4931-BF1C-611BB4E01A70", "versionEndExcluding": "6.1.0", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}