Lucene search

FreeBSD2A314635-BE46-11EC-A06F-D4C9EF517024

HistoryApr 11, 2022 - 12:00 a.m.

Nextcloud Calendar -- SMTP Command Injection

2022-04-1100:00:00

vuxml.freebsd.org

nextcloud

calendar

smtp

command injection

appointment emails

newlines

json request

rcpt to

booking user's email

smtp commands

unix

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.4%

JSON

reports:

SMTP Command Injection in Appointment Emails via Newlines: as newlines
and special characters are not sanitized in the email value in the JSON
request, a malicious attacker can inject newlines to break out of the
RCPT TO:<BOOKING USER'S EMAIL> SMTP command and begin injecting
arbitrary SMTP commands.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchnextcloud-calendar< 3.2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	nextcloud-calendar	< 3.2.2	UNKNOWN

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.4%

JSON

Related for 2A314635-BE46-11EC-A06F-D4C9EF517024