PT-2023-30769 · Nextcloud · Nextcloud Mail

Arianitisufi +2 · Published 2023-11-21 · Updated 2023-11-30 · CVE-2023-48307

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Nextcloud Mail versions 1.13.0 through 2.2.7. Nextcloud Mail version 2.2.8 is not affected, but versions prior to 3.3.0 are affected, so the correct range is Nextcloud Mail versions 1.13.0 through 3.2.x.

Description

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. An attacker can use an unprotected endpoint in the Mail app to perform a Server-Side Request Forgery (SSRF) attack.

Recommendations

For Nextcloud Mail versions 1.13.0 through 2.2.7, update to version 2.2.8 or later. For Nextcloud Mail versions prior to 3.3.0, update to version 3.3.0. As a temporary workaround for all affected versions, consider disabling the Mail app.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-48307
GHSA-4PP4-M8PH-2999

Affected Products

Nextcloud Mail