CVE-2023-28848
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2023-04-04T13:15:08.797 · Last modified 2026-06-17T05:48:54.507

Summary

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.

Affected products

nextcloud — user_oidc

