PT-2023-19946 · Nextcloud · Nextcloud Mail
Ctulhu · Published 2023-02-13 · Updated 2023-02-22 · CVE-2023-25160
CVSS v3.1: 4.1 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Mail versions prior to 2.2.1
Nextcloud Mail versions prior to 1.14.5
Nextcloud Mail versions prior to 1.12.9
Nextcloud Mail versions prior to 1.11.8
Description
Nextcloud Mail is an email app for the Nextcloud home server platform. An attacker can access a mailbox by its ID and obtain the subjects and the first characters of the emails in it.
Recommendations
For Nextcloud 25, upgrade to Mail 2.2.1 to receive a patch.
For Nextcloud 22-24, upgrade to Mail 1.14.5 to receive a patch.
For Nextcloud 21, upgrade to Mail 1.12.9 to receive a patch.
For Nextcloud 20, upgrade to Mail 1.11.8 to receive a patch.
Exploit
Fix
IDOR
Affected Products
Nextcloud Mail