PT-2023-29634 · Nextcloud · Nextcloud Mail
Arianitisufi +2 · Published 2023-10-16 · Updated 2023-10-20 · CVE-2023-45660
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Nextcloud Mail versions prior to 2.2.8
Nextcloud Mail versions prior to 3.3.0
Description
Nextcloud Mail does not check the origin, target, or cookies of requests to its proxy endpoint, allowing an attacker to abuse the endpoint and cause a denial of service against a third-party server.
Recommendations
For versions prior to 2.2.8, upgrade to 2.2.8.
For versions prior to 3.3.0, upgrade to 3.3.0.
As a temporary workaround, consider restricting access to the proxy endpoint until a patch is available.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud Mail