2 matches found
CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
CVE-2022-31131
CVE-2022-31131 affects Nextcloud Mail prior to version 1.12.2, where tasks related to mail attachments lack proper user ownership checks. This could allow attachments to be exposed to or manipulated by incorrect system users when updating or deleting entries in oc_mail_attachments. Impact is desc...