Search criteria
31 vulnerabilities found for Mail by Nextcloud
CVE-2025-66514 (GCVE-0-2025-66514)
Vulnerability from nvd – Published: 2025-12-05 17:32 – Updated: 2025-12-08 20:10
VLAI?
Title
Nextcloud Mail stored HTML injection in subject text
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 5.2.0-beta.1, < 5.5.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T20:10:07.643433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T20:10:21.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.0-beta.1, \u003c 5.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app\u0027s message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:32:25.767Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v394-8gpc-6fv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v394-8gpc-6fv5"
},
{
"name": "https://github.com/nextcloud/mail/pull/11740",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/11740"
},
{
"name": "https://github.com/nextcloud/mail/commit/c64fcc3b79e0c089b5e1d2e04a07bfa740b2ac09",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/commit/c64fcc3b79e0c089b5e1d2e04a07bfa740b2ac09"
},
{
"name": "https://hackerone.com/reports/3357036",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3357036"
}
],
"source": {
"advisory": "GHSA-v394-8gpc-6fv5",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail stored HTML injection in subject text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66514",
"datePublished": "2025-12-05T17:32:25.767Z",
"dateReserved": "2025-12-03T15:28:02.992Z",
"dateUpdated": "2025-12-08T20:10:21.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52509 (GCVE-0-2024-52509)
Vulnerability from nvd – Published: 2024-11-15 17:37 – Updated: 2024-11-15 18:11
VLAI?
Title
Nextcloud Mail app does not respect download permissions in shares
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>=2.2.0, < 2.2.10
Affected: >= 3.6.0, < 3.6.2 Affected: >= 3.7.0, < 3.7.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T18:11:39.753390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T18:11:49.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e=2.2.0, \u003c 2.2.10"
},
{
"status": "affected",
"version": "\u003e= 3.6.0, \u003c 3.6.2"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:37:47.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862"
},
{
"name": "https://github.com/nextcloud/mail/pull/9592",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/9592"
},
{
"name": "https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b"
},
{
"name": "https://hackerone.com/reports/1878255",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1878255"
}
],
"source": {
"advisory": "GHSA-pwpp-fvcr-w862",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail app does not respect download permissions in shares"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52509",
"datePublished": "2024-11-15T17:37:47.035Z",
"dateReserved": "2024-11-11T18:49:23.558Z",
"dateUpdated": "2024-11-15T18:11:49.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52508 (GCVE-0-2024-52508)
Vulnerability from nvd – Published: 2024-11-15 17:34 – Updated: 2024-11-15 18:17
VLAI?
Title
Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
Severity ?
8.2 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 1.9.0, < 1.14.6
Affected: >= 2.1.0, < 2.2.11 Affected: >= 3.1.0, < 3.6.3 Affected: >= 1.15.0, < 1.15.4 Affected: >= 3.7.0, < 3.7.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nextcloud_mail",
"vendor": "nextcloud",
"versions": [
{
"lessThan": "1.14.6",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
},
{
"lessThan": "2.2.11",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "3.6.3",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "15.4.0",
"status": "affected",
"version": "1.15.0",
"versionType": "custom"
},
{
"lessThan": "3.7.7",
"status": "affected",
"version": "3.7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T18:12:55.485493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T18:17:04.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.0, \u003c 1.14.6"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.2.11"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.6.3"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:34:21.900Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc"
},
{
"name": "https://github.com/nextcloud/mail/pull/9964",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/9964"
},
{
"name": "https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b"
},
{
"name": "https://hackerone.com/reports/2508422",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2508422"
}
],
"source": {
"advisory": "GHSA-vmhx-hwph-q6mc",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52508",
"datePublished": "2024-11-15T17:34:21.900Z",
"dateReserved": "2024-11-11T18:49:23.558Z",
"dateUpdated": "2024-11-15T18:17:04.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48307 (GCVE-0-2023-48307)
Vulnerability from nvd – Published: 2023-11-21 22:22 – Updated: 2024-08-02 21:23
VLAI?
Title
Nextcloud Mail app vulnerable to Server-Side Request Forgery
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 1.13.0, < 2.2.8
Affected: >= 3.1.0, < 3.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999"
},
{
"name": "https://github.com/nextcloud/mail/pull/8709",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/8709"
},
{
"name": "https://hackerone.com/reports/1869714",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1869714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 2.2.8"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T22:22:56.780Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999"
},
{
"name": "https://github.com/nextcloud/mail/pull/8709",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/8709"
},
{
"name": "https://hackerone.com/reports/1869714",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1869714"
}
],
"source": {
"advisory": "GHSA-4pp4-m8ph-2999",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail app vulnerable to Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48307",
"datePublished": "2023-11-21T22:22:56.780Z",
"dateReserved": "2023-11-14T17:41:15.572Z",
"dateUpdated": "2024-08-02T21:23:39.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45660 (GCVE-0-2023-45660)
Vulnerability from nvd – Published: 2023-10-16 18:32 – Updated: 2024-09-13 19:36
VLAI?
Title
Require strict cookies for image proxy requests in Nextcloud Mail
Summary
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 2.0.0, < 2.2.8
Affected: >= 3.0.0, < 3.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37"
},
{
"name": "https://github.com/nextcloud/mail/pull/8459",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/8459"
},
{
"name": "https://hackerone.com/reports/1895874",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1895874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T19:22:39.279370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:36:36.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.8"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T18:32:00.486Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37"
},
{
"name": "https://github.com/nextcloud/mail/pull/8459",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/8459"
},
{
"name": "https://hackerone.com/reports/1895874",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1895874"
}
],
"source": {
"advisory": "GHSA-8j9x-fmww-qr37",
"discovery": "UNKNOWN"
},
"title": "Require strict cookies for image proxy requests in Nextcloud Mail"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45660",
"datePublished": "2023-10-16T18:32:00.486Z",
"dateReserved": "2023-10-10T14:36:40.859Z",
"dateUpdated": "2024-09-13T19:36:36.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33184 (GCVE-0-2023-33184)
Vulnerability from nvd – Published: 2023-05-27 04:36 – Updated: 2025-01-14 18:17
VLAI?
Title
Blind SSRF in the Nextcloud Mail app on avatar endpoint
Summary
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.15.3
Affected: < 2.2.5 Affected: < 3.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564"
},
{
"name": "https://github.com/nextcloud/mail/pull/8275",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/8275"
},
{
"name": "https://hackerone.com/reports/1913095",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1913095"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:17:35.371896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:17:48.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.15.3"
},
{
"status": "affected",
"version": "\u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003c 3.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T04:36:01.535Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564"
},
{
"name": "https://github.com/nextcloud/mail/pull/8275",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/8275"
},
{
"name": "https://hackerone.com/reports/1913095",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1913095"
}
],
"source": {
"advisory": "GHSA-8gph-9895-w564",
"discovery": "UNKNOWN"
},
"title": "Blind SSRF in the Nextcloud Mail app on avatar endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33184",
"datePublished": "2023-05-27T04:36:01.535Z",
"dateReserved": "2023-05-17T22:25:50.697Z",
"dateUpdated": "2025-01-14T18:17:48.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25160 (GCVE-0-2023-25160)
Vulnerability from nvd – Published: 2023-02-13 20:19 – Updated: 2025-03-10 21:12
VLAI?
Title
IDOR Vulnerability in Nextcloud Mail
Summary
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
Severity ?
4.1 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.11.8
Affected: >= 1.12.0, < 1.12.9 Affected: >= 1.13.0, < 1.14.5 Affected: >= 2.0.0, < 2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx"
},
{
"name": "https://github.com/nextcloud/mail/pull/7740",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/7740"
},
{
"name": "https://hackerone.com/reports/1784681",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1784681"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:50.648352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:12:50.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.8"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.14.5"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T20:19:08.774Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx"
},
{
"name": "https://github.com/nextcloud/mail/pull/7740",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/7740"
},
{
"name": "https://hackerone.com/reports/1784681",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1784681"
}
],
"source": {
"advisory": "GHSA-m45f-r5gh-h6cx",
"discovery": "UNKNOWN"
},
"title": "IDOR Vulnerability in Nextcloud Mail"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25160",
"datePublished": "2023-02-13T20:19:08.774Z",
"dateReserved": "2023-02-03T16:59:18.245Z",
"dateUpdated": "2025-03-10T21:12:50.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23943 (GCVE-0-2023-23943)
Vulnerability from nvd – Published: 2023-02-06 20:18 – Updated: 2025-03-10 21:16
VLAI?
Title
Blind SSRF via server URL input in the Nextcloud Mail app
Summary
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.
Severity ?
5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 2.0.0, < 2.2.2
Affected: < 1.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:08.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6"
},
{
"name": "https://github.com/nextcloud/mail/pull/7796",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/7796"
},
{
"name": "https://hackerone.com/reports/1736390",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1736390"
},
{
"name": "https://hackerone.com/reports/1741525",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1741525"
},
{
"name": "https://hackerone.com/reports/1746582",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1746582"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:20.442040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:03.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.2"
},
{
"status": "affected",
"version": "\u003c 1.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T20:18:33.641Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6"
},
{
"name": "https://github.com/nextcloud/mail/pull/7796",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/7796"
},
{
"name": "https://hackerone.com/reports/1736390",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1736390"
},
{
"name": "https://hackerone.com/reports/1741525",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1741525"
},
{
"name": "https://hackerone.com/reports/1746582",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1746582"
}
],
"source": {
"advisory": "GHSA-8gcx-r739-9pf6",
"discovery": "UNKNOWN"
},
"title": "Blind SSRF via server URL input in the Nextcloud Mail app"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23943",
"datePublished": "2023-02-06T20:18:33.641Z",
"dateReserved": "2023-01-19T21:12:31.362Z",
"dateUpdated": "2025-03-10T21:16:03.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23944 (GCVE-0-2023-23944)
Vulnerability from nvd – Published: 2023-02-06 19:35 – Updated: 2025-03-10 21:16
VLAI?
Title
Nexcloud Mail app temporarily stores cleartext password in database
Summary
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue.
Severity ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 2.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:07.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4"
},
{
"name": "https://github.com/nextcloud/mail/pull/7797",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/7797"
},
{
"name": "https://hackerone.com/reports/1806275",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1806275"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:26.539868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:09.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user\u0027s passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T19:35:31.498Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4"
},
{
"name": "https://github.com/nextcloud/mail/pull/7797",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/7797"
},
{
"name": "https://hackerone.com/reports/1806275",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1806275"
}
],
"source": {
"advisory": "GHSA-g86r-x755-93f4",
"discovery": "UNKNOWN"
},
"title": "Nexcloud Mail app temporarily stores cleartext password in database"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23944",
"datePublished": "2023-02-06T19:35:31.498Z",
"dateReserved": "2023-01-19T21:12:31.362Z",
"dateUpdated": "2025-03-10T21:16:09.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31119 (GCVE-0-2022-31119)
Vulnerability from nvd – Published: 2022-08-04 17:15 – Updated: 2025-04-23 17:53
VLAI?
Title
Password disclosure in log file in Nextcloud Mail App
Summary
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/issues/823"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:02:22.954022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:53:40.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T17:15:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/issues/823"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5"
}
],
"source": {
"advisory": "GHSA-63m3-w68h-3wjg",
"discovery": "UNKNOWN"
},
"title": "Password disclosure in log file in Nextcloud Mail App",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31119",
"STATE": "PUBLIC",
"TITLE": "Password disclosure in log file in Nextcloud Mail App"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.12.1"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg"
},
{
"name": "https://github.com/nextcloud/mail/issues/823",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/issues/823"
},
{
"name": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5"
}
]
},
"source": {
"advisory": "GHSA-63m3-w68h-3wjg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31119",
"datePublished": "2022-08-04T17:15:17.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:53:40.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31132 (GCVE-0-2022-31132)
Vulnerability from nvd – Published: 2022-08-04 17:10 – Updated: 2025-04-23 17:53
VLAI?
Title
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Summary
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`
Severity ?
8.3 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.12.8
Affected: >= 1.13.0, < 1.13.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:52:23.389489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:53:46.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.8"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T17:10:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh"
}
],
"source": {
"advisory": "GHSA-24pm-rjfv-23mh",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated SSRF in 3rd party module \"cerdic/csstidy\"",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31132",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated SSRF in 3rd party module \"cerdic/csstidy\""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.12.8"
},
{
"version_value": "\u003e= 1.13.0, \u003c 1.13.6"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh"
}
]
},
"source": {
"advisory": "GHSA-24pm-rjfv-23mh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31132",
"datePublished": "2022-08-04T17:10:10.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:53:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39220 (GCVE-0-2021-39220)
Vulnerability from nvd – Published: 2021-10-25 18:55 – Updated: 2024-08-04 01:58
VLAI?
Title
Bypass of image blocking in Nextcloud Mail
Summary
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.10.4, < 1.11.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/5470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1308147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.4, \u003c 1.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-25T18:55:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/5470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1308147"
}
],
"source": {
"advisory": "GHSA-6q9v-wm8r-rcv5",
"discovery": "UNKNOWN"
},
"title": "Bypass of image blocking in Nextcloud Mail",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39220",
"STATE": "PUBLIC",
"TITLE": "Bypass of image blocking in Nextcloud Mail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.10.4, \u003c 1.11.0"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5"
},
{
"name": "https://github.com/nextcloud/mail/pull/5470",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/pull/5470"
},
{
"name": "https://hackerone.com/reports/1308147",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1308147"
}
]
},
"source": {
"advisory": "GHSA-6q9v-wm8r-rcv5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39220",
"datePublished": "2021-10-25T18:55:14",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32707 (GCVE-0-2021-32707)
Vulnerability from nvd – Published: 2021-07-12 19:05 – Updated: 2024-08-03 23:25
VLAI?
Title
Bypass of image blocking in Nextcloud Mail
Summary
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.9.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/5189"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1215251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T19:05:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/5189"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1215251"
}
],
"source": {
"advisory": "GHSA-xxp4-44xc-8crh",
"discovery": "UNKNOWN"
},
"title": "Bypass of image blocking in Nextcloud Mail",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32707",
"STATE": "PUBLIC",
"TITLE": "Bypass of image blocking in Nextcloud Mail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.6"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh"
},
{
"name": "https://github.com/nextcloud/mail/pull/5189",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/pull/5189"
},
{
"name": "https://hackerone.com/reports/1215251",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1215251"
}
]
},
"source": {
"advisory": "GHSA-xxp4-44xc-8crh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32707",
"datePublished": "2021-07-12T19:05:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32652 (GCVE-0-2021-32652)
Vulnerability from nvd – Published: 2021-06-01 19:05 – Updated: 2024-08-03 23:25
VLAI?
Title
Missing permission check on email metadata retrieval
Summary
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.4.3
Affected: >= 1.5.5, < 1.8.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1094063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.5.5, \u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T19:05:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1094063"
}
],
"source": {
"advisory": "GHSA-mxx2-6rg9-v2vc",
"discovery": "UNKNOWN"
},
"title": "Missing permission check on email metadata retrieval",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32652",
"STATE": "PUBLIC",
"TITLE": "Missing permission check on email metadata retrieval"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.3"
},
{
"version_value": "\u003e= 1.5.5, \u003c 1.8.2"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc"
},
{
"name": "https://hackerone.com/reports/1094063",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1094063"
}
]
},
"source": {
"advisory": "GHSA-mxx2-6rg9-v2vc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32652",
"datePublished": "2021-06-01T19:05:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8156 (GCVE-0-2020-8156)
Vulnerability from nvd – Published: 2020-05-12 13:01 – Updated: 2024-08-04 09:48
VLAI?
Summary
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Severity ?
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation (CWE-295)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Mail |
Affected:
1.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020"
},
{
"name": "FEDORA-2020-c9863904de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Mail",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T18:06:21",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020"
},
{
"name": "FEDORA-2020-c9863904de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Mail",
"version": {
"version_data": [
{
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020"
},
{
"name": "FEDORA-2020-c9863904de",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8156",
"datePublished": "2020-05-12T13:01:22",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66514 (GCVE-0-2025-66514)
Vulnerability from cvelistv5 – Published: 2025-12-05 17:32 – Updated: 2025-12-08 20:10
VLAI?
Title
Nextcloud Mail stored HTML injection in subject text
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 5.2.0-beta.1, < 5.5.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T20:10:07.643433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T20:10:21.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.0-beta.1, \u003c 5.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app\u0027s message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:32:25.767Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v394-8gpc-6fv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v394-8gpc-6fv5"
},
{
"name": "https://github.com/nextcloud/mail/pull/11740",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/11740"
},
{
"name": "https://github.com/nextcloud/mail/commit/c64fcc3b79e0c089b5e1d2e04a07bfa740b2ac09",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/commit/c64fcc3b79e0c089b5e1d2e04a07bfa740b2ac09"
},
{
"name": "https://hackerone.com/reports/3357036",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3357036"
}
],
"source": {
"advisory": "GHSA-v394-8gpc-6fv5",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail stored HTML injection in subject text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66514",
"datePublished": "2025-12-05T17:32:25.767Z",
"dateReserved": "2025-12-03T15:28:02.992Z",
"dateUpdated": "2025-12-08T20:10:21.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52509 (GCVE-0-2024-52509)
Vulnerability from cvelistv5 – Published: 2024-11-15 17:37 – Updated: 2024-11-15 18:11
VLAI?
Title
Nextcloud Mail app does not respect download permissions in shares
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>=2.2.0, < 2.2.10
Affected: >= 3.6.0, < 3.6.2 Affected: >= 3.7.0, < 3.7.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T18:11:39.753390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T18:11:49.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e=2.2.0, \u003c 2.2.10"
},
{
"status": "affected",
"version": "\u003e= 3.6.0, \u003c 3.6.2"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:37:47.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862"
},
{
"name": "https://github.com/nextcloud/mail/pull/9592",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/9592"
},
{
"name": "https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b"
},
{
"name": "https://hackerone.com/reports/1878255",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1878255"
}
],
"source": {
"advisory": "GHSA-pwpp-fvcr-w862",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail app does not respect download permissions in shares"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52509",
"datePublished": "2024-11-15T17:37:47.035Z",
"dateReserved": "2024-11-11T18:49:23.558Z",
"dateUpdated": "2024-11-15T18:11:49.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52508 (GCVE-0-2024-52508)
Vulnerability from cvelistv5 – Published: 2024-11-15 17:34 – Updated: 2024-11-15 18:17
VLAI?
Title
Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
Severity ?
8.2 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 1.9.0, < 1.14.6
Affected: >= 2.1.0, < 2.2.11 Affected: >= 3.1.0, < 3.6.3 Affected: >= 1.15.0, < 1.15.4 Affected: >= 3.7.0, < 3.7.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nextcloud_mail",
"vendor": "nextcloud",
"versions": [
{
"lessThan": "1.14.6",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
},
{
"lessThan": "2.2.11",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "3.6.3",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "15.4.0",
"status": "affected",
"version": "1.15.0",
"versionType": "custom"
},
{
"lessThan": "3.7.7",
"status": "affected",
"version": "3.7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T18:12:55.485493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T18:17:04.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.0, \u003c 1.14.6"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.2.11"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.6.3"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:34:21.900Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc"
},
{
"name": "https://github.com/nextcloud/mail/pull/9964",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/9964"
},
{
"name": "https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b"
},
{
"name": "https://hackerone.com/reports/2508422",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2508422"
}
],
"source": {
"advisory": "GHSA-vmhx-hwph-q6mc",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52508",
"datePublished": "2024-11-15T17:34:21.900Z",
"dateReserved": "2024-11-11T18:49:23.558Z",
"dateUpdated": "2024-11-15T18:17:04.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48307 (GCVE-0-2023-48307)
Vulnerability from cvelistv5 – Published: 2023-11-21 22:22 – Updated: 2024-08-02 21:23
VLAI?
Title
Nextcloud Mail app vulnerable to Server-Side Request Forgery
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 1.13.0, < 2.2.8
Affected: >= 3.1.0, < 3.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999"
},
{
"name": "https://github.com/nextcloud/mail/pull/8709",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/8709"
},
{
"name": "https://hackerone.com/reports/1869714",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1869714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 2.2.8"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T22:22:56.780Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999"
},
{
"name": "https://github.com/nextcloud/mail/pull/8709",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/8709"
},
{
"name": "https://hackerone.com/reports/1869714",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1869714"
}
],
"source": {
"advisory": "GHSA-4pp4-m8ph-2999",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Mail app vulnerable to Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48307",
"datePublished": "2023-11-21T22:22:56.780Z",
"dateReserved": "2023-11-14T17:41:15.572Z",
"dateUpdated": "2024-08-02T21:23:39.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45660 (GCVE-0-2023-45660)
Vulnerability from cvelistv5 – Published: 2023-10-16 18:32 – Updated: 2024-09-13 19:36
VLAI?
Title
Require strict cookies for image proxy requests in Nextcloud Mail
Summary
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 2.0.0, < 2.2.8
Affected: >= 3.0.0, < 3.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37"
},
{
"name": "https://github.com/nextcloud/mail/pull/8459",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/8459"
},
{
"name": "https://hackerone.com/reports/1895874",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1895874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T19:22:39.279370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T19:36:36.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.8"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T18:32:00.486Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37"
},
{
"name": "https://github.com/nextcloud/mail/pull/8459",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/8459"
},
{
"name": "https://hackerone.com/reports/1895874",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1895874"
}
],
"source": {
"advisory": "GHSA-8j9x-fmww-qr37",
"discovery": "UNKNOWN"
},
"title": "Require strict cookies for image proxy requests in Nextcloud Mail"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45660",
"datePublished": "2023-10-16T18:32:00.486Z",
"dateReserved": "2023-10-10T14:36:40.859Z",
"dateUpdated": "2024-09-13T19:36:36.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33184 (GCVE-0-2023-33184)
Vulnerability from cvelistv5 – Published: 2023-05-27 04:36 – Updated: 2025-01-14 18:17
VLAI?
Title
Blind SSRF in the Nextcloud Mail app on avatar endpoint
Summary
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.15.3
Affected: < 2.2.5 Affected: < 3.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564"
},
{
"name": "https://github.com/nextcloud/mail/pull/8275",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/8275"
},
{
"name": "https://hackerone.com/reports/1913095",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1913095"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:17:35.371896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:17:48.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.15.3"
},
{
"status": "affected",
"version": "\u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003c 3.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T04:36:01.535Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564"
},
{
"name": "https://github.com/nextcloud/mail/pull/8275",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/8275"
},
{
"name": "https://hackerone.com/reports/1913095",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1913095"
}
],
"source": {
"advisory": "GHSA-8gph-9895-w564",
"discovery": "UNKNOWN"
},
"title": "Blind SSRF in the Nextcloud Mail app on avatar endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33184",
"datePublished": "2023-05-27T04:36:01.535Z",
"dateReserved": "2023-05-17T22:25:50.697Z",
"dateUpdated": "2025-01-14T18:17:48.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25160 (GCVE-0-2023-25160)
Vulnerability from cvelistv5 – Published: 2023-02-13 20:19 – Updated: 2025-03-10 21:12
VLAI?
Title
IDOR Vulnerability in Nextcloud Mail
Summary
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
Severity ?
4.1 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.11.8
Affected: >= 1.12.0, < 1.12.9 Affected: >= 1.13.0, < 1.14.5 Affected: >= 2.0.0, < 2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx"
},
{
"name": "https://github.com/nextcloud/mail/pull/7740",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/7740"
},
{
"name": "https://hackerone.com/reports/1784681",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1784681"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:50.648352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:12:50.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.8"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.14.5"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T20:19:08.774Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx"
},
{
"name": "https://github.com/nextcloud/mail/pull/7740",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/7740"
},
{
"name": "https://hackerone.com/reports/1784681",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1784681"
}
],
"source": {
"advisory": "GHSA-m45f-r5gh-h6cx",
"discovery": "UNKNOWN"
},
"title": "IDOR Vulnerability in Nextcloud Mail"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25160",
"datePublished": "2023-02-13T20:19:08.774Z",
"dateReserved": "2023-02-03T16:59:18.245Z",
"dateUpdated": "2025-03-10T21:12:50.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23943 (GCVE-0-2023-23943)
Vulnerability from cvelistv5 – Published: 2023-02-06 20:18 – Updated: 2025-03-10 21:16
VLAI?
Title
Blind SSRF via server URL input in the Nextcloud Mail app
Summary
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.
Severity ?
5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 2.0.0, < 2.2.2
Affected: < 1.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:08.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6"
},
{
"name": "https://github.com/nextcloud/mail/pull/7796",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/7796"
},
{
"name": "https://hackerone.com/reports/1736390",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1736390"
},
{
"name": "https://hackerone.com/reports/1741525",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1741525"
},
{
"name": "https://hackerone.com/reports/1746582",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1746582"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:20.442040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:03.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.2"
},
{
"status": "affected",
"version": "\u003c 1.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T20:18:33.641Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6"
},
{
"name": "https://github.com/nextcloud/mail/pull/7796",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/7796"
},
{
"name": "https://hackerone.com/reports/1736390",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1736390"
},
{
"name": "https://hackerone.com/reports/1741525",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1741525"
},
{
"name": "https://hackerone.com/reports/1746582",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1746582"
}
],
"source": {
"advisory": "GHSA-8gcx-r739-9pf6",
"discovery": "UNKNOWN"
},
"title": "Blind SSRF via server URL input in the Nextcloud Mail app"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23943",
"datePublished": "2023-02-06T20:18:33.641Z",
"dateReserved": "2023-01-19T21:12:31.362Z",
"dateUpdated": "2025-03-10T21:16:03.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23944 (GCVE-0-2023-23944)
Vulnerability from cvelistv5 – Published: 2023-02-06 19:35 – Updated: 2025-03-10 21:16
VLAI?
Title
Nexcloud Mail app temporarily stores cleartext password in database
Summary
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue.
Severity ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 2.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:07.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4"
},
{
"name": "https://github.com/nextcloud/mail/pull/7797",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/7797"
},
{
"name": "https://hackerone.com/reports/1806275",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1806275"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:26.539868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:09.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user\u0027s passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T19:35:31.498Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4"
},
{
"name": "https://github.com/nextcloud/mail/pull/7797",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/7797"
},
{
"name": "https://hackerone.com/reports/1806275",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1806275"
}
],
"source": {
"advisory": "GHSA-g86r-x755-93f4",
"discovery": "UNKNOWN"
},
"title": "Nexcloud Mail app temporarily stores cleartext password in database"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23944",
"datePublished": "2023-02-06T19:35:31.498Z",
"dateReserved": "2023-01-19T21:12:31.362Z",
"dateUpdated": "2025-03-10T21:16:09.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31119 (GCVE-0-2022-31119)
Vulnerability from cvelistv5 – Published: 2022-08-04 17:15 – Updated: 2025-04-23 17:53
VLAI?
Title
Password disclosure in log file in Nextcloud Mail App
Summary
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/issues/823"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:02:22.954022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:53:40.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T17:15:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/issues/823"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5"
}
],
"source": {
"advisory": "GHSA-63m3-w68h-3wjg",
"discovery": "UNKNOWN"
},
"title": "Password disclosure in log file in Nextcloud Mail App",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31119",
"STATE": "PUBLIC",
"TITLE": "Password disclosure in log file in Nextcloud Mail App"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.12.1"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-63m3-w68h-3wjg"
},
{
"name": "https://github.com/nextcloud/mail/issues/823",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/issues/823"
},
{
"name": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/pull/6488/commits/ab9ade57fbc1f465ffe905248f93f328d638d7e5"
}
]
},
"source": {
"advisory": "GHSA-63m3-w68h-3wjg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31119",
"datePublished": "2022-08-04T17:15:17.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:53:40.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31132 (GCVE-0-2022-31132)
Vulnerability from cvelistv5 – Published: 2022-08-04 17:10 – Updated: 2025-04-23 17:53
VLAI?
Title
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Summary
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`
Severity ?
8.3 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.12.8
Affected: >= 1.13.0, < 1.13.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:52:23.389489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:53:46.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.8"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T17:10:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh"
}
],
"source": {
"advisory": "GHSA-24pm-rjfv-23mh",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated SSRF in 3rd party module \"cerdic/csstidy\"",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31132",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated SSRF in 3rd party module \"cerdic/csstidy\""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.12.8"
},
{
"version_value": "\u003e= 1.13.0, \u003c 1.13.6"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24pm-rjfv-23mh"
}
]
},
"source": {
"advisory": "GHSA-24pm-rjfv-23mh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31132",
"datePublished": "2022-08-04T17:10:10.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:53:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39220 (GCVE-0-2021-39220)
Vulnerability from cvelistv5 – Published: 2021-10-25 18:55 – Updated: 2024-08-04 01:58
VLAI?
Title
Bypass of image blocking in Nextcloud Mail
Summary
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.10.4, < 1.11.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/5470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1308147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.4, \u003c 1.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-25T18:55:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/5470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1308147"
}
],
"source": {
"advisory": "GHSA-6q9v-wm8r-rcv5",
"discovery": "UNKNOWN"
},
"title": "Bypass of image blocking in Nextcloud Mail",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39220",
"STATE": "PUBLIC",
"TITLE": "Bypass of image blocking in Nextcloud Mail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.10.4, \u003c 1.11.0"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5"
},
{
"name": "https://github.com/nextcloud/mail/pull/5470",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/pull/5470"
},
{
"name": "https://hackerone.com/reports/1308147",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1308147"
}
]
},
"source": {
"advisory": "GHSA-6q9v-wm8r-rcv5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39220",
"datePublished": "2021-10-25T18:55:14",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32707 (GCVE-0-2021-32707)
Vulnerability from cvelistv5 – Published: 2021-07-12 19:05 – Updated: 2024-08-03 23:25
VLAI?
Title
Bypass of image blocking in Nextcloud Mail
Summary
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.9.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/mail/pull/5189"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1215251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T19:05:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/mail/pull/5189"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1215251"
}
],
"source": {
"advisory": "GHSA-xxp4-44xc-8crh",
"discovery": "UNKNOWN"
},
"title": "Bypass of image blocking in Nextcloud Mail",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32707",
"STATE": "PUBLIC",
"TITLE": "Bypass of image blocking in Nextcloud Mail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.6"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh"
},
{
"name": "https://github.com/nextcloud/mail/pull/5189",
"refsource": "MISC",
"url": "https://github.com/nextcloud/mail/pull/5189"
},
{
"name": "https://hackerone.com/reports/1215251",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1215251"
}
]
},
"source": {
"advisory": "GHSA-xxp4-44xc-8crh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32707",
"datePublished": "2021-07-12T19:05:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32652 (GCVE-0-2021-32652)
Vulnerability from cvelistv5 – Published: 2021-06-01 19:05 – Updated: 2024-08-03 23:25
VLAI?
Title
Missing permission check on email metadata retrieval
Summary
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 1.4.3
Affected: >= 1.5.5, < 1.8.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1094063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.5.5, \u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T19:05:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1094063"
}
],
"source": {
"advisory": "GHSA-mxx2-6rg9-v2vc",
"discovery": "UNKNOWN"
},
"title": "Missing permission check on email metadata retrieval",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32652",
"STATE": "PUBLIC",
"TITLE": "Missing permission check on email metadata retrieval"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.3"
},
{
"version_value": "\u003e= 1.5.5, \u003c 1.8.2"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc"
},
{
"name": "https://hackerone.com/reports/1094063",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1094063"
}
]
},
"source": {
"advisory": "GHSA-mxx2-6rg9-v2vc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32652",
"datePublished": "2021-06-01T19:05:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-1066
Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | Server | Server versions 28.0.x antérieures à 28.0.14.11 | ||
| Nextcloud | Groupfolders | Groupfolders versions 15.3.x antérieures à 15.3.12 | ||
| Nextcloud | Server | Server versions 30.0.x antérieures à 30.0.17.3 | ||
| Nextcloud | Server | Server versions 31.0.x antérieures à 31.0.12 | ||
| Nextcloud | Calendar | Calendar versions 5.x antérieures à 5.5.6 | ||
| Nextcloud | Deck | Deck versions 1.14.x antérieures à 1.14.4 | ||
| Nextcloud | Groupfolders | Groupfolders versions 19.1.x antérieures à 19.1.8 | ||
| Nextcloud | Server | Server versions 29.0.x antérieures à 29.0.16.8 | ||
| Nextcloud | Groupfolders | Groupfolders versions 16.0.x antérieures à 16.0.15 | ||
| Nextcloud | Calendar | Calendar versions 4.x antérieures à 4.7.19 | ||
| Nextcloud | Approval | Approval versions 2.x antérieures à 2.5.0 | ||
| Nextcloud | Groupfolders | Groupfolders versions 18.1.x antérieures à 18.1.8 | ||
| Nextcloud | Deck | Deck versions 1.15.x antérieures à 1.15.1 | ||
| Nextcloud | Tables | Tables versions antérieures à 1.0.1 | ||
| Nextcloud | Server | Server versions 32.0.x antérieures à 32.0.3 | ||
| Nextcloud | Approval | Approval versions 1.x antérieures à 1.3.1 | ||
| Nextcloud | Calendar | Calendar versions 6.0.x antérieures à 6.0.3 | ||
| Nextcloud | Deck | Deck versions 1.12.x antérieures à 1.12.7 | ||
| Nextcloud | Groupfolders | Groupfolders versions 17.0.x antérieures à 17.0.14 | ||
| Nextcloud | Mail versions antérieures à 5.5.3 | |||
| Nextcloud | Groupfolders | Groupfolders versions 14.0.x antérieures à 14.0.11 | ||
| Nextcloud | Groupfolders | Groupfolders versions 20.1.x antérieures à 20.1.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.14.11",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 15.3.x ant\u00e9rieures \u00e0 15.3.12",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.17.3",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.12",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Calendar versions 5.x ant\u00e9rieures \u00e0 5.5.6",
"product": {
"name": "Calendar",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.14.x ant\u00e9rieures \u00e0 1.14.4",
"product": {
"name": "Deck",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 19.1.x ant\u00e9rieures \u00e0 19.1.8",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.16.8",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 16.0.x ant\u00e9rieures \u00e0 16.0.15",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Calendar versions 4.x ant\u00e9rieures \u00e0 4.7.19",
"product": {
"name": "Calendar",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Approval versions 2.x ant\u00e9rieures \u00e0 2.5.0",
"product": {
"name": "Approval",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 18.1.x ant\u00e9rieures \u00e0 18.1.8",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.15.x ant\u00e9rieures \u00e0 1.15.1",
"product": {
"name": "Deck",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Tables versions ant\u00e9rieures \u00e0 1.0.1",
"product": {
"name": "Tables",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 32.0.x ant\u00e9rieures \u00e0 32.0.3",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Approval versions 1.x ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "Approval",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Calendar versions 6.0.x ant\u00e9rieures \u00e0 6.0.3",
"product": {
"name": "Calendar",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Deck versions 1.12.x ant\u00e9rieures \u00e0 1.12.7",
"product": {
"name": "Deck",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 17.0.x ant\u00e9rieures \u00e0 17.0.14",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Mail versions ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "Mail",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 14.0.x ant\u00e9rieures \u00e0 14.0.11",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 20.1.x ant\u00e9rieures \u00e0 20.1.2",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-66511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66511"
},
{
"name": "CVE-2025-66513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66513"
},
{
"name": "CVE-2025-66515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66515"
},
{
"name": "CVE-2025-66546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66546"
},
{
"name": "CVE-2025-66512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66512"
},
{
"name": "CVE-2025-66514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66514"
},
{
"name": "CVE-2025-66545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66545"
},
{
"name": "CVE-2025-66510",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66510"
},
{
"name": "CVE-2025-66547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66547"
},
{
"name": "CVE-2025-66548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66548"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1066",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Nextcloud. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-q26g-fmjq-x5g5",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-495w-cqv6-wr59",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-hq6c-r898-fgf2",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-2vrq-fhmf-c49m",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vrq-fhmf-c49m"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-2cwj-qp49-4xfw",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qcw2-p26m-9gc5",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-7x2j-2674-fj95",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7x2j-2674-fj95"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-v394-8gpc-6fv5",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v394-8gpc-6fv5"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-whm3-vv55-gf27",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-whm3-vv55-gf27"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-xjvq-xvr7-xpg6",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xjvq-xvr7-xpg6"
}
]
}