CVE-2024-22400 - OpenCVE

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Sso \& Saml Authentication

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:sso_\&_saml_authentication::::::::
	cpe:2.3:a:nextcloud:sso_\&_saml_authentication::::::::
	cpe:2.3:a:nextcloud:sso_\&_saml_authentication:6.0.0:::::::*

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7
https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a
https://github.com/nextcloud/user_saml/pull/788
https://hackerone.com/reports/2263044

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-18T19:21:06.618Z

Updated: 2024-08-01T22:43:34.917Z

Reserved: 2024-01-10T15:09:55.546Z

Link: CVE-2024-22400

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-18T20:15:08.360

Modified: 2024-01-26T20:55:37.543

Link: CVE-2024-22400

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22400", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-10T15:09:55.546Z", "datePublished": "2024-01-18T19:21:06.618Z", "dateUpdated": "2024-08-01T22:43:34.917Z"}, "containers": {"cna": {"title": "Open redirect in user_saml via RelayState parameter in Nextcloud User Saml", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7"}, {"name": "https://github.com/nextcloud/user_saml/pull/788", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/user_saml/pull/788"}, {"name": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a"}, {"name": "https://hackerone.com/reports/2263044", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/2263044"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 5.0.0, < 5.1.5", "status": "affected"}, {"version": ">= 5.2.0, < 5.2.5", "status": "affected"}, {"version": ">= 6.0.0, < 6.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-18T19:21:06.618Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-622q-xhfr-xmv7", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.917Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7"}, {"name": "https://github.com/nextcloud/user_saml/pull/788", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/user_saml/pull/788"}, {"name": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a"}, {"name": "https://hackerone.com/reports/2263044", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/2263044"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:sso_\\&_saml_authentication:*:*:*:*:*:*:*:*", "matchCriteriaId": "68724AAA-D837-4365-88F2-835D518A1805", "versionEndExcluding": "5.1.5", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:sso_\\&_saml_authentication:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F52CDDE-DE98-4150-B3A1-1FB15C6A0F19", "versionEndExcluding": "5.2.5", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:sso_\\&_saml_authentication:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "85B7A2B1-195F-4C8C-8521-E6C140A79B7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue."}, {"lang": "es", "value": "Nextcloud User Saml es una aplicaci\u00f3n para autenticar a los usuarios de Nextcloud mediante SAML. En las versiones afectadas, a los usuarios se les puede proporcionar un enlace al servidor de Nextcloud y terminar en un servidor de terceros no controlado. Se recomienda actualizar la aplicaci\u00f3n User Saml a la versi\u00f3n 5.1.5, 5.2.5 o 6.0.1. No se conocen workarounds para este problema."}], "id": "CVE-2024-22400", "lastModified": "2024-01-26T20:55:37.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-18T20:15:08.360", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nextcloud/user_saml/pull/788"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/2263044"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}