OpenCVE

user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Openid Connect User Backend

Configuration 1 [-]

cpe:2.3:a:nextcloud:openid_connect_user_backend:*:*:*:*:*:nextcloud:*:*

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg
https://github.com/nextcloud/user_oidc/pull/495
https://hackerone.com/reports/1687005

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-25T00:00:00

Updated: 2024-08-03T12:00:44.166Z

Reserved: 2022-09-02T00:00:00

Link: CVE-2022-39339

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-25T19:15:11.543

Modified: 2024-11-21T07:18:04.260

Link: CVE-2022-39339

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39339", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:00:44.166Z", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-11-25T00:00:00"}, "containers": {"cna": {"title": "Cleartext Transmission of Sensitive Information in user_oidc", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings)."}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "< 1.2.1", "status": "affected"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"url": "https://hackerone.com/reports/1687005"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "cweId": "CWE-319"}]}], "source": {"advisory": "GHSA-2vff-cq8h-chhg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.166Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg", "tags": ["x_transferred"]}, {"url": "https://github.com/nextcloud/user_oidc/pull/495", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1687005", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:openid_connect_user_backend:*:*:*:*:*:nextcloud:*:*", "matchCriteriaId": "A6DF3630-82F0-4917-B4CD-8B93EE5DF79B", "versionEndExcluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings)."}, {"lang": "es", "value": "user_oidc es un backend de usuario de OpenID Connect para Nextcloud. En versiones anteriores a la 1.2.1, la informaci\u00f3n sensible, como las credenciales y los tokens del cliente OIDC, se env\u00edan en texto plano de HTTP sin TLS. Cualquier actor malintencionado con acceso para monitorear el tr\u00e1fico de los usuarios puede haber podido comprometer la seguridad de la cuenta. Este problema se solucion\u00f3 en user_oidc v1.2.1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden usar https para acceder a Nextcloud. Establezca una URL de descubrimiento HTTPS en la configuraci\u00f3n del proveedor (en la configuraci\u00f3n de administrador de Nextcloud OIDC)."}], "id": "CVE-2022-39339", "lastModified": "2024-11-21T07:18:04.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-25T19:15:11.543", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1687005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1687005"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}