10 matches found
CVE-2022-31132
CVE-2022-31132 affects Nextcloud Mail: affected versions ship the CSS minifier at ./vendor/cerdic/css-tidy/css_optimiser.php, which exposes an unrestricted interface and enables unauthenticated SSRF. Affected software is Nextcloud Mail; impact is described as Server-Side Request Forgery with ...
CVE-2022-31119
CVE-2022-31119 affects Nextcloud Mail: affected versions log user passwords to disk upon misconfiguration, enabling potential complete account access if log files are compromised. RedHat/Red Hat-affiliated advisories and Nextcloud security notes confirm the issue and recommend upgrading Nextcloud...
CVE-2021-32652
CVE-2021-32652 affects Nextcloud Mail prior to versions 1.4.3 and 1.8.2, where a missing permission check allows an authenticated user to access mail metadata of other users. Public sources consistently state that versions 1.4.3 and 1.8.2 include patches; no workarounds beyond upgrading are known...
CVE-2023-23943
CVE-2023-23943 affects the Nextcloud Mail app. Issue: insufficient validation of incoming requests in the smtpHost/server URL input allows blind SSRF to scan internal/local-network services. Impact: documented as enabling discovery of internal services reachable fr...
CVE-2023-25160
CVE-2023-25160 is an IDOR vulnerability in Nextcloud Mail that lets an attacker access a mailbox by ID, revealing subjects and the first characters of emails. Affected versions are Nextcloud Mail prior to 2.2.1 (Nextcloud 25), 1.14.5 (Nextcloud 22–24), 1.12.9 (Nextcloud 21), and ...
CVE-2021-32707
CVE-2021-32707 affects Nextcloud Mail prior to version 1.9.6: the privacy filter did not filter images with a background-image CSS attribute, allowing a remote CSS background image to reveal whether an email was read. Images passed through the Nextcloud image proxy, so IP leakage was not reported...
CVE-2023-23944
Nextcloud Mail app (for Nextcloud server) stored user passwords in cleartext in the database during the OAuth2 setup procedure in versions prior to 2.2.2. An attacker with database access could read these passwords until OAuth setup completes. Remediation: upgrade the Nextcloud Mail app to versio...
CVE-2020-8156
CVE-2020-8156: Nextcloud Mail 1.1.3 has missing TLS host verification, enabling a man-in-the-middle attack. Affected component: Nextcloud Mail 1.1.3. Root cause: inadequate TLS host verification. Impact: potential eavesdropping/alteration of mail data (confidentiality/integrity) and partial avail...
CVE-2021-39220
Summary: CVE-2021-39220 affects the Nextcloud Mail application. The issue is an information disclosure caused by a privacy filter that fails to filter images using relative protocols, allowing leakage of read state or user IP. Affected versions: Nextcloud Mail prior to 1.10.4 and 1.11.0. Root cause:...
CVE-2025-66514
Nextcloud Mail prior to version 5.5.3 contains a stored HTML injection issue in the message list that lets an authenticated user inject HTML into email subjects. The Nextcloud Server content security policy blocks JavaScript, which mitigates some risk. The issue is addressed by upgrading to Nextc...