CVE-2023-39954— user_oidc app stores client secret unencrypted in database
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-39954
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
user_oidc app stores client secret unencrypted in database
Source: NVD (National Vulnerability Database)
Vulnerability Description
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据加密缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nextcloud user_oidc 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nextcloud user_oidc是德国Nextcloud公司的一个应用程序 Nextcloud user_oidc 1.0.0版本至1.3.3之前版本存在安全漏洞。攻击者利用该漏洞可以针对链接服务器冒充Nextcloud服务器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nextcloud | security-advisories | >= 1.0.0, < 1.3.3 | - |
II. Public POCs for CVE-2023-39954
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-39954
请登录查看更多情报信息。
- https://hackerone.com/reports/1994328x_refsource_MISC
- https://github.com/nextcloud/user_oidc/pull/636x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2023-39954
Same Patch Batch · nextcloud · 2023-08-10 · 10 CVEs total
| CVE-2023-39963 | 8.1 HIGH | Missing password confirmation when creating app passwords |
| CVE-2023-39962 | 7.7 HIGH | Users can delete external storage mount points |
| CVE-2023-39952 | 6.5 MEDIUM | Advanced permissions not respected when copying entire group folders |
| CVE-2023-39958 | 5.8 MEDIUM | Missing brute force protection on password reset token OAuth2 API controller |
| CVE-2023-39953 | 4.8 MEDIUM | Issuer not verified from obtained token in user_oidc |
| CVE-2023-39955 | 3.5 LOW | Notes attachment render HTML in preview mode |
| CVE-2023-39959 | 3.5 LOW | Existence of calendars and address books can be checked by unauthenticated users |
| CVE-2023-39961 | 3.5 LOW | Text does not respect "Allow download" permissions |
| CVE-2023-39957 | Path traversal allows tricking the Talk Android app into writing files into it's root dire |
IV. Related Vulnerabilities
Same product: security-advisories
- CVE-2026-28272
Kiteworks Email Protection Gateway has a Cross-site Scriptin - CVE-2026-28271
Kiteworks Core is vulnerable to Server-Side Request Forgery - CVE-2026-28270
Kiteworks Core has an Unrestricted Upload of File with Dange - CVE-2026-28269
Kiteworks Core has an OS Command Injection - CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public
Same vendor: nextcloud
- CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public - CVE-2025-66556
Nextcloud talk allows participants to blindly delete poll dr - CVE-2025-66554
Nextcloud Contacts vulnerable to Stored XSS in contacts app - CVE-2025-66549
Nextcloud Desktop discloses information when attempting to l - CVE-2025-66545
Nextcloud Groupfolders users with read-only permissions for
Same weakness: CWE-311
- CVE-2026-34486
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of Encr - CVE-2026-34992
Missing Encryption of Sensitive Data in antrea.io/antrea - CVE-2026-28678
dsa-hub-server: Clear-Text Storage of Sensitive Data - CVE-2026-27944
Nginx UI: Unauthenticated Backup Download with Encryption Ke - CVE-2025-15548
Missing Application-Layer Encryption in Web Interface Endpoi
V. Comments for CVE-2023-39954
No comments yet