CVE-2023-23943

Name of the Vulnerable Software and Affected Versions Nextcloud mail versions prior to 1.15.0 Nextcloud mail versions prior to 2.2.2

Description The issue is related to insufficient validation of incoming requests in the Nextcloud mail client, allowing a remote attacker to scan internal services and servers accessible from the local network of the Nextcloud server. The SMTP, IMAP, and Sieve host fields are affected, enabling the scanning of internal services and servers reachable from within the local network of the Nextcloud Server.

Recommendations For versions prior to 1.15.0, upgrade to 1.15.0 to resolve the issue. For versions prior to 2.2.2, upgrade to 2.2.2 to resolve the issue. As a temporary workaround, consider completely disabling the Nextcloud mail app until a patch is available.