CVE-2022-39339 - Vulnerability Details - OpenCVE

user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nextcloud	Openid Connect User Backend

Configuration 1 [-]

cpe:2.3:a:nextcloud:openid_connect_user_backend:*:*:*:*:*:nextcloud:*:*

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg
https://github.com/nextcloud/user_oidc/pull/495
https://hackerone.com/reports/1687005

History

Wed, 23 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-25T00:00:00.000Z

Updated: 2025-04-23T16:35:02.213Z

Reserved: 2022-09-02T00:00:00.000Z

Link: CVE-2022-39339

Vulnrichment

Updated: 2024-08-03T12:00:44.166Z

NVD

Status : Modified

Published: 2022-11-25T19:15:11.543

Modified: 2024-11-21T07:18:04.260

Link: CVE-2022-39339

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39339", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-23T16:35:02.213Z", "dateReserved": "2022-09-02T00:00:00.000Z", "datePublished": "2022-11-25T00:00:00.000Z"}, "containers": {"cna": {"title": "Cleartext Transmission of Sensitive Information in user_oidc", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings)."}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "< 1.2.1", "status": "affected"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"url": "https://hackerone.com/reports/1687005"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "cweId": "CWE-319"}]}], "source": {"advisory": "GHSA-2vff-cq8h-chhg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.166Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg", "tags": ["x_transferred"]}, {"url": "https://github.com/nextcloud/user_oidc/pull/495", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1687005", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:53:55.413089Z", "id": "CVE-2022-39339", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:35:02.213Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39339", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-23T16:35:02.213Z", "dateReserved": "2022-09-02T00:00:00.000Z", "datePublished": "2022-11-25T00:00:00.000Z"}, "containers": {"cna": {"title": "Cleartext Transmission of Sensitive Information in user_oidc", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings)."}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "< 1.2.1", "status": "affected"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"url": "https://hackerone.com/reports/1687005"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "cweId": "CWE-319"}]}], "source": {"advisory": "GHSA-2vff-cq8h-chhg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.166Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg", "tags": ["x_transferred"]}, {"url": "https://github.com/nextcloud/user_oidc/pull/495", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1687005", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-39339", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:53:55.413089Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:53:56.610Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:openid_connect_user_backend:*:*:*:*:*:nextcloud:*:*", "matchCriteriaId": "A6DF3630-82F0-4917-B4CD-8B93EE5DF79B", "versionEndExcluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings)."}, {"lang": "es", "value": "user_oidc es un backend de usuario de OpenID Connect para Nextcloud. En versiones anteriores a la 1.2.1, la informaci\u00f3n sensible, como las credenciales y los tokens del cliente OIDC, se env\u00edan en texto plano de HTTP sin TLS. Cualquier actor malintencionado con acceso para monitorear el tr\u00e1fico de los usuarios puede haber podido comprometer la seguridad de la cuenta. Este problema se solucion\u00f3 en user_oidc v1.2.1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden usar https para acceder a Nextcloud. Establezca una URL de descubrimiento HTTPS en la configuraci\u00f3n del proveedor (en la configuraci\u00f3n de administrador de Nextcloud OIDC)."}], "id": "CVE-2022-39339", "lastModified": "2024-11-21T07:18:04.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-25T19:15:11.543", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1687005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vff-cq8h-chhg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/user_oidc/pull/495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1687005"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}