Lucene search
GoogleOSV:CVE-2022-31131HistoryJul 06, 2022 - 6:15 p.m.
CVE-2022-31131
2022-07-0618:15:19
Google
osv.dev
2
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * Pull request * HackerOne ### For more information If you have any questions or comments about this advisory: * Create a post in nextcloud/security-advisories * Customers: Open a support ticket at support.nextcloud.com
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 0.8.3-alpha1 | ||
| eq | 1.11.0-rc1 | ||
| eq | 1.5.0-alpha3 | ||
| eq | 0.12.0-alpha1 | ||
| eq | 1.3.3 | ||
| eq | 0.4.4 | ||
| eq | 1.10.0-alpha.7 | ||
| eq | 0.1.0 | ||
| eq | 1.8.0 | ||
| eq | 0.3.0 |
Related
nextcloud
nextcloud
Ownership check missing when updating or deleting mail attachments
2022-07-06 17:18:10
hackerone
hackerone
Nextcloud: Ownership check missing when updating or deleting attachments
2022-05-24 12:53:28
cvelist
cvelist
nvd
nvd
CVE-2022-31131
2022-07-06 18:15:19
cve
cve
CVE-2022-31131
2022-07-06 18:15:19
prion
prion
Design/Logic Flaw
2022-07-06 18:15:00