Lucene search
K

137 matches found

Vulnrichment
Vulnrichment
added 2023/02/06 8:18 p.m.6 views

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

5CVSS5.2AI score0.00919EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/02/06 8:18 p.m.40 views

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

5CVSS5.2AI score0.00919EPSS
Exploits1References5
OSV
OSV
added 2023/02/06 8:18 p.m.24 views

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

5CVSS4.8AI score0.00919EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/02/06 7:35 p.m.8 views

CVE-2023-23944 Nexcloud Mail app temporarily stores cleartext password in database

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

2CVSS5.3AI score0.00475EPSS
Exploits0References3
CVE
CVE
added 2023/02/06 7:35 p.m.57 views

CVE-2023-23944

Nextcloud Mail app (for Nextcloud server) stored user passwords in cleartext in the database during the OAuth2 setup procedure in versions prior to 2.2.2. An attacker with database access could read these passwords until OAuth setup completes. Remediation: upgrade the Nextcloud Mail app to versio...

6.5CVSS5AI score0.00475EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
added 2023/02/06 9:47 a.m.134 views

Blind SSRF via server URL input in the Nextcloud Mail app

None...

5CVSS5AI score0.00919EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/21 12:0 a.m.5 views

PT-2022-6377 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.15.0 Nextcloud mail versions prior to 2.2.2 Description: The issue is related to insufficient validation of incoming requests in the Nextcloud mail client, allowing a remote attacker to scan internal service...

5CVSS4.5AI score0.00919EPSS
Exploits1References10
Hacker One
Hacker One
added 2022/10/22 11:43 a.m.64 views

Nextcloud: Mail app - blind SSRF via smtpHost parameter

A blind SSRF vulnerability was discovered in the Nextcloud Mail application, allowing an attacker to retrieve services running locally on the server and scan the internal network for information. The vulnerability was found in the smtpHost parameter and could be exploited by any user with the mai...

5CVSS4.6AI score0.00919EPSS
Exploits1
NVD
NVD
added 2022/08/04 6:15 p.m.26 views

CVE-2022-31119

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

4.9CVSS0.00621EPSS
Exploits0References3
Prion
Prion
added 2022/08/04 6:15 p.m.25 views

Design/Logic Flaw

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

3.3CVSS5.3AI score0.00621EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/04 5:15 p.m.31 views

CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

3.1CVSS5.6AI score0.00621EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/08/04 5:15 p.m.5 views

CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

3.1CVSS4.4AI score0.00621EPSS
Exploits0References3
CVE
CVE
added 2022/08/04 5:15 p.m.79 views

CVE-2022-31119

CVE-2022-31119 affects Nextcloud Mail: affected versions log user passwords to disk upon misconfiguration, enabling potential complete account access if log files are compromised. RedHat/Red Hat-affiliated advisories and Nextcloud security notes confirm the issue and recommend upgrading Nextcloud...

4.9CVSS4.7AI score0.00621EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/08/04 5:15 p.m.25 views

CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

3.1CVSS5.1AI score0.00621EPSS
Exploits0References5
NVD
NVD
added 2022/08/04 5:15 p.m.37 views

CVE-2022-31132

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

9.8CVSS0.00604EPSS
Exploits0References1
Prion
Prion
added 2022/08/04 5:15 p.m.21 views

Server side request forgery (ssrf)

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

7.5CVSS9.4AI score0.00604EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/04 5:10 p.m.6 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.5AI score0.00604EPSS
Exploits0References1
CVE
CVE
added 2022/08/04 5:10 p.m.93 views

CVE-2022-31132

The CVE-2022-31132 issue affects Nextcloud Mail where versions shipped with the CSS minifier at ./vendor/cerdic/css-tidy/css_optimiser.php expose an unrestricted interface, enabling unauthenticated SSRF. Affected software is Nextcloud Mail; impact is described as Server-Side Request Forgery with ...

9.8CVSS9.2AI score0.00604EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/04 5:10 p.m.38 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.8AI score0.00604EPSS
Exploits0References1
OSV
OSV
added 2022/08/04 5:10 p.m.26 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.2AI score0.00604EPSS
Exploits0References3
Rows per page
Query Builder