137 matches found
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...
CVE-2024-52509
Nextcloud Mail vulnerability CVE-2024-52509: the Nextcloud Mail app incorrectly allowed attaching shared files without download permissions as attachments, enabling access to files via mail clients. Root cause: insufficient access control in the mail attachment handling. Affected versions prior t...
Mail auto configurator sends account information to `autoconfig.tld` server when no auto-configuration is possible
None...
Nextcloud Mail 访问控制错误漏洞
Nextcloud Mail is an email from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Mail that stems from allowing shared files without download permissions to be attached as attachments...
PT-2024-9168 · Nextcloud +1 · Nextcloud Mail +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.14.6 Nextcloud Mail versions prior to 1.15.4 Nextcloud Mail versions prior to 2.2.11 Nextcloud Mail versions prior to 3.6.3 Nextcloud Mail versions prior to 3.7.7 Nextcloud Mail versions prior to 4.0.0...
PT-2024-9167 · Nextcloud +1 · Nextcloud Mail +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.10 Nextcloud Mail versions prior to 3.6.2 Nextcloud Mail versions prior to 3.7.2 Description: The issue is related to insufficient access control in the Nextcloud mail client, allowing a remote attacker to...
Nextcloud Mail 信息泄露漏洞
Nextcloud Mail is an email from Nextcloud Germany. An information disclosure vulnerability exists in Nextcloud Mail. An attacker who exploits this vulnerability by registering autoconfig.tld will have the email details used sent to the attacker's server...
CVE-2023-48307
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...
Server side request forgery (ssrf)
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...
CVE-2023-48307
The CVE-2023-48307 entry describes a Server-Side Request Forgery (SSRF) flaw in the Nextcloud Mail app. Affected are Nextcloud Mail versions starting from 1.13.0 up to, but not including, 2.2.8 and up to, but not including, 3.3.0. An attacker can abuse an unprotected endpoint in the Mail app to p...
CVE-2023-48307 Nextcloud Mail app vulnerable to Server-Side Request Forgery
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...
PT-2023-30769 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions 1.13.0 through 2.2.7 Nextcloud Mail versions 2.2.8 is not affected, but versions prior to 3.3.0 are affected, so the correct range is: Nextcloud Mail versions 1.13.0 through 3.2.x Description: Nextcloud Mail is the mai...
Nextcloud Code Issues Vulnerabilities
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail versions prior to 2.2.8 and prior to 3.3.0, which can be exploited by an attacker to perform a...
SUSE CVE-2023-45660
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...
CVE-2023-45660
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...
CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...
CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...
CVE-2023-45660
CVE-2023-45660 affects Nextcloud Mail. The vulnerability arises from a missing check of origin, target and cookies in the image proxy/endpoint, enabling an attacker to abuse the proxy and cause a denial of service to a third server. Affected versions are Nextcloud Mail prior to 2.2.8 and prior to...
CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail
Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...