Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneChristophwurstH1:803734
HistoryFeb 24, 2020 - 2:56 p.m.

Nextcloud: Mail does not verify IMAP/SMTP host connected via TLS

2020-02-2414:56:20
christophwurst
hackerone.com
13

EPSS

0.001

Percentile

50.0%

JSON

The Mail app should verify that the servers it connects to are listed in the certificate’s CN. Otherwise the connection should be aborted.

Originally reported at https://github.com/nextcloud/mail/issues/308

Impact

The app could be forced into connecting to an insecure server.

Related

cvelist 1
nextcloud 1
cve 1
osv 1
prion 1
nvd 1
redhatcve 1
fedora 1
openvas 1
nessus 1
cvelist
cvelist
CVE-2020-8156
2020-05-12 13:01:22
nextcloud
nextcloud
Mail app not verifying TLS host of mail servers (NC-SA-2020-020)
2020-03-24 00:00:00
cve
cve
CVE-2020-8156
2020-05-12 13:15:13
osv
osv
CVE-2020-8156
2020-05-12 13:15:13
prion
prion
Design/Logic Flaw
2020-05-12 13:15:00
nvd
nvd
CVE-2020-8156
2020-05-12 13:15:13
redhatcve
redhatcve
CVE-2020-8154
2022-05-20 22:53:13
fedora
fedora
[SECURITY] Fedora 32 Update: nextcloud-18.0.9-1.fc32
2020-10-19 16:58:39
openvas
openvas
Fedora: Security Advisory for nextcloud (FEDORA-2020-c9863904de)
2020-10-21 00:00:00
nessus
nessus
Fedora 32 : nextcloud (2020-c9863904de)
2020-10-20 00:00:00

EPSS

0.001

Percentile

50.0%

JSON
Related for H1:803734
cvelist1nextcloud1cve1osv1prion1nvd1redhatcve1fedora1openvas1nessus1