ByteOS Network

NVD Vulnerability Details :

CVE-2024-22400

Analyzed

Source-security-advisories@github.com

Published At-18 Jan, 2024 | 20:15

Updated At-26 Jan, 2024 | 20:55

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary	3.1	3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CPE Matches

Nextcloud GmbH

>>sso_\&_saml_authentication>>Versions from 5.0.0(inclusive) to 5.1.5(exclusive)

cpe:2.3:a:nextcloud:sso_\&_saml_authentication:*:*:*:*:*:*:*:*

Nextcloud GmbH

>>sso_\&_saml_authentication>>Versions from 5.2.0(inclusive) to 5.2.5(exclusive)

cpe:2.3:a:nextcloud:sso_\&_saml_authentication:*:*:*:*:*:*:*:*

Nextcloud GmbH

>>sso_\&_saml_authentication>>6.0.0

cpe:2.3:a:nextcloud:sso_\&_saml_authentication:6.0.0:*:*:*:*:*:*:*