{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-28848","title":"Title"},{"category":"description","text":"user_oidc is the OpenID Connect (OIDC) user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions from 1.0.0 up to, but not including, 1.3.0 effectively allowed an attacker to bypass the state protection, because they could simply copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-28848","url":"https://www.suse.com/security/cve/CVE-2023-28848"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1210097 for CVE-2023-28848","url":"https://bugzilla.suse.com/1210097"}],"title":"SUSE CVE CVE-2023-28848","tracking":{"current_release_date":"2025-02-16T06:24:03Z","generator":{"date":"2023-04-05T01:49:05Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-28848","initial_release_date":"2023-04-05T01:49:05Z","revision_history":[{"date":"2023-04-05T01:49:05Z","number":"2","summary":"Current version"},{"date":"2025-01-01T02:09:36Z","number":"3","summary":"Current version"},{"date":"2025-02-14T06:31:13Z","number":"4","summary":"Current version"},{"date":"2025-02-16T06:24:03Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}