CVE-2023-33184 – Blind SSRF in the Nextcloud Mail app on avatar endpoint
https://notcve.org/view.php?id=CVE-2023-33184
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. • https://github.com/nextcloud/mail/pull/8275 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564 https://hackerone.com/reports/1913095 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-31131 – Ownership check missing when updating or deleting mail attachments in Nextcloud mail
https://notcve.org/view.php?id=CVE-2022-31131
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com) Nextcloud mail es una aplicación de correo para el producto Nextcloud home server. • https://github.com/nextcloud/mail/pull/6600 https://github.com/nextcloud/mail/pull/6600/commits/6dd2527be8d4f6788b449c8a8f5577628b990605 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhv7-5mhv-299j • CWE-287: Improper Authentication CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2021-32707 – Bypass of image blocking in Nextcloud Mail
https://notcve.org/view.php?id=CVE-2021-32707
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. • https://github.com/nextcloud/mail/pull/5189 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh https://hackerone.com/reports/1215251 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-32652 – Missing permission check on email metadata retrieval
https://notcve.org/view.php?id=CVE-2021-32652
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist. Nextcloud Mail es una aplicación de correo para la plataforma Nextcloud. Una falta de comprobación de permisos en Nextcloud Mail versiones anteriores a 1.4.3 y 1.8.2, permite a otro usuario autentificado acceder a los metadatos de correo de otros usuarios. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mxx2-6rg9-v2vc https://hackerone.com/reports/1094063 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVE-2020-8156
https://notcve.org/view.php?id=CVE-2020-8156
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Una falta de verificación del host TLS en Nextcloud Mail versión 1.1.3, permitió un ataque de tipo man-in-the-middle. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP https://nextcloud.com/security/advisory/?id=NC-SA-2020-020 • CWE-295: Improper Certificate Validation •