Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing sig…

A critical vulnerability in Nextcloud's User OIDC component allows malicious ID4me authorities to impersonate any user due to missing signature verification. The flaw affects multiple version ranges from 0.3.0 to 6.4.0 across different release branches. This authentication bypass vulnerability could lead to complete account takeover by malicious actors. The issue has been patched in versions 3.1.0, 4.1.0, 5.1.0, 6.4.0, and 8.3.0. Organizations using affected versions should update immediately to prevent unauthorized access.