PT-2021-22471 · Nextcloud · Nextcloud Mail
Mihkelraba · Published 2021-10-25 · Updated 2022-08-05 · CVE-2021-39220
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Mail versions prior to 1.10.4 and 1.11.0
Description
By default, the Nextcloud Mail application does not render images in emails, so that opening a message does not leak its read state. The privacy filter behind this default failed to filter images with a relative protocol, so such images could still be loaded, potentially leaking the read state or the user's IP address.
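The filtering gap described above, as an added example that is not code from Nextcloud Mail or from this advisory: a check that only recognises sources spelling out a scheme, next to an allow-list check that first resolves the source the way a browser does. The naive check, the host names, the base URL and the sample sources are all constructed for illustration.

```javascript
// Added illustration; not Nextcloud Mail's code. All values are constructed.
const BASE = "https://mail.invalid/"; // placeholder for the page showing the message

// Deny-list check: only sources that spell out http(s) count as remote.
function naiveIsRemote(src) {
  return /^https?:/i.test(src);
}

// Schemes that never trigger a network request when used as an image source.
const INLINE_SCHEMES = new Set(["cid:", "data:"]);

// Resolve a source against the base URL, as a browser would; null if unparsable.
function resolve(src) {
  try { return new URL(src, BASE); } catch { return null; }
}

// Allow-list check: anything that is not an inline scheme is treated as remote.
function isRemote(src) {
  const url = resolve(src);
  return url === null || !INLINE_SCHEMES.has(url.protocol);
}

// Compare both checks over a list of image sources.
function auditSources(sources) {
  return sources.map((src) => {
    const url = resolve(src);
    return {
      src,
      resolvesTo: url ? url.href : null,
      naiveBlocks: naiveIsRemote(src),
      hardenedBlocks: isRemote(src),
    };
  });
}

// Sources the deny-list lets through although they cause a request.
function missedByNaive(sources) {
  return auditSources(sources)
    .filter((r) => r.hardenedBlocks && !r.naiveBlocks)
    .map((r) => r.src);
}

const SAMPLE_SOURCES = [
  "https://tracker.example/open.gif",   // absolute URL
  "//tracker.example/open.gif",         // relative protocol: inherits the page's scheme
  "cid:logo@message.example",           // inline attachment
  "data:image/png;base64,iVBORw0KGgo=", // inline data
  "images/banner.png",                  // relative path, resolved against the page
];

console.table(auditSources(SAMPLE_SOURCES));
```

The relative-protocol source resolves to a full `https://` URL on the remote host, which is why a filter has to resolve the source before classifying it.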
Recommendations
For versions prior to 1.10.4, upgrade to version 1.10.4.
For versions prior to 1.11.0, upgrade to version 1.11.0.
As a temporary workaround, consider disabling image rendering in emails until a patch is available.
Fix
Information Disclosure
RCE
Affected Products
Nextcloud Mail