PT-2023-19946 · Nextcloud · Nextcloud Mail

Ctulhu

Publicado

2023-02-13

Atualizado

2023-02-22

CVE-2023-25160

CVSS v3.1

4.1

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 2.2.1 Nextcloud Mail versions prior to 1.14.5 Nextcloud Mail versions prior to 1.12.9 Nextcloud Mail versions prior to 1.11.8

Description Nextcloud Mail is an email app for the Nextcloud home server platform. An attacker can access the mail box by ID, getting the subjects and the first characters of the emails.

Recommendations For Nextcloud 25, upgrade to Mail 2.2.1 to receive a patch. For Nextcloud 22-24, upgrade to Mail 1.14.5 to receive a patch. For Nextcloud 21, upgrade to Mail 1.12.9 to receive a patch. For Nextcloud 20, upgrade to Mail 1.11.8 to receive a patch.

Exploit

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2023-25160

GHSA-M45F-R5GH-H6CX

Produtos afetados

Nextcloud Mail

PT-2023-19946 · Nextcloud · Nextcloud Mail

CVE-2023-25160

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7