HackerOne Disclosed Reports - 2026-05-21 - Dark C0d3rs (https://darkcoders.wiki)
HackerOne disclosed reports - 2026-05-21 - hashXploiter - 05-22-2026
Medium
resolved
Group restriction bypass via bearer token in user_oidc (SETTING_RESTRICT_LOGIN_TO_GROUPS not enforced in Backend::getCurrentUserId)

Bug reported by msat was disclosed on May 21, 2026, 10:12 pm | Improper Access Control - Generic

A security inconsistency was identified in the user_oidc app where group-based login restrictions were enforced in the browser OIDC flow but not in bearer token validation. This could have allowed users outside whitelisted groups to access the Nextcloud API with a valid bearer token.