PT-2023-19314 · Nextcloud · Nextcloud Mail

Christophwurst

Publicado

2023-02-06

Atualizado

2023-02-14

CVE-2023-23944

CVSS v3.1

2.0

Baixa

Vetor

AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 2.2.2

Description The issue concerns the storage of user passwords in cleartext in the database during the OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed.

Recommendations For versions prior to 2.2.2, upgrade the Nextcloud Mail app to 2.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.

Exploit

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2023-23944

GHSA-G86R-X755-93F4

Produtos afetados

Nextcloud Mail

PT-2023-19314 · Nextcloud · Nextcloud Mail

CVE-2023-23944

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7