CVE-2023-39953— Issuer not verified from obtained token in user_oidc
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-39953
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Issuer not verified from obtained token in user_oidc
Source: NVD (National Vulnerability Database)
Vulnerability Description
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证算法的不正确实现
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nextcloud user_oidc 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nextcloud user_oidc是德国Nextcloud公司的一个应用程序 Nextcloud user_oidc 1.0.0版本至1.3.3之前版本存在安全漏洞,该漏洞源于缺少对发行者的验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nextcloud | security-advisories | >= 1.0.0, < 1.3.3 | - |
II. Public POCs for CVE-2023-39953
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-39953
请登录查看更多情报信息。
- https://hackerone.com/reports/2021684x_refsource_MISC
- https://github.com/nextcloud/user_oidc/pull/642x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2023-39953
Same Patch Batch · nextcloud · 2023-08-10 · 10 CVEs total
| CVE-2023-39963 | 8.1 HIGH | Missing password confirmation when creating app passwords |
| CVE-2023-39962 | 7.7 HIGH | Users can delete external storage mount points |
| CVE-2023-39952 | 6.5 MEDIUM | Advanced permissions not respected when copying entire group folders |
| CVE-2023-39958 | 5.8 MEDIUM | Missing brute force protection on password reset token OAuth2 API controller |
| CVE-2023-39954 | 3.8 LOW | user_oidc app stores client secret unencrypted in database |
| CVE-2023-39955 | 3.5 LOW | Notes attachment render HTML in preview mode |
| CVE-2023-39959 | 3.5 LOW | Existence of calendars and address books can be checked by unauthenticated users |
| CVE-2023-39961 | 3.5 LOW | Text does not respect "Allow download" permissions |
| CVE-2023-39957 | Path traversal allows tricking the Talk Android app into writing files into it's root dire |
IV. Related Vulnerabilities
Same product: security-advisories
- CVE-2026-28272
Kiteworks Email Protection Gateway has a Cross-site Scriptin - CVE-2026-28271
Kiteworks Core is vulnerable to Server-Side Request Forgery - CVE-2026-28270
Kiteworks Core has an Unrestricted Upload of File with Dange - CVE-2026-28269
Kiteworks Core has an OS Command Injection - CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public
Same vendor: nextcloud
- CVE-2026-44515
Nextcloud News: Authenticated blind SSRF via feed URL - CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public - CVE-2025-66556
Nextcloud talk allows participants to blindly delete poll dr - CVE-2025-66554
Nextcloud Contacts vulnerable to Stored XSS in contacts app - CVE-2025-66549
Nextcloud Desktop discloses information when attempting to l
Same weakness: CWE-303
- CVE-2026-41103
Microsoft SSO Plugin for Jira & Confluence Elevation of Priv - CVE-2026-43640
Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM A - CVE-2026-33190
CoreDNS TSIG authentication bypass on encrypted DNS transpor - CVE-2026-27656
Account Takeover via Substring Matching in OpenID Connect Au - CVE-2026-32953
Tillitis: TKey Client has an Error in Protocol Implementatio
V. Comments for CVE-2023-39953
No comments yet