PT-2024-9168 · Nextcloud+1 · Nextcloud Mail+1

Shushangw · Published 2024-11-15 · Updated 2025-10-01 · CVE-2024-52508

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions:
Nextcloud Mail versions prior to 1.14.6
Nextcloud Mail versions prior to 1.15.4
Nextcloud Mail versions prior to 2.2.11
Nextcloud Mail versions prior to 3.6.3
Nextcloud Mail versions prior to 3.7.7
Nextcloud Mail versions prior to 4.0.0

Description: The issue is related to incorrect automatic configuration in the Nextcloud Mail client. A remote attacker could exploit this to disclose protected information. This can happen when a user tries to set up a mail account with an email address that does not support auto-configuration, and an attacker has registered a domain that could intercept the email details.

Recommendations:
For versions prior to 1.14.6, upgrade to 1.14.6 or later.
For versions prior to 1.15.4, upgrade to 1.15.4 or later.
For versions prior to 2.2.11, upgrade to 2.2.11 or later.
For versions prior to 3.6.3, upgrade to 3.6.3 or later.
For versions prior to 3.7.7, upgrade to 3.7.7 or later.
For versions prior to 4.0.0, upgrade to 4.0.0 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-10855
CVE-2024-52508
GHSA-VMHX-HWPH-Q6MC

Affected Products

Nextcloud Mail
Red Os