PT-2023-29634 · Nextcloud · Nextcloud Mail
Arianitisufi +2 · Published 2023-10-16 · Updated 2023-10-20 · CVE-2023-45660
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Nextcloud Mail versions prior to 2.2.8
Nextcloud Mail versions prior to 3.3.0
Description
Nextcloud Mail does not check the origin, target, and cookies of requests to its proxy endpoint. An attacker can abuse the endpoint to cause a denial of service against a third server.
Recommendations
For versions prior to 2.2.8, upgrade to 2.2.8.
For versions prior to 3.3.0, upgrade to 3.3.0.
As a temporary workaround, consider restricting access to the proxy endpoint until a patch is available.
SSRF
Affected Products
Nextcloud Mail