Overview
- Description
- Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "506B11C3-92C7-4603-92D3-2744B109B020",
"versionEndExcluding": "1.15.3",
"versionStartIncluding": "1.13.0"
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7A32987-2AE3-4752-BF1D-30CABED09667",
"versionEndExcluding": "2.2.5",
"versionStartIncluding": "2.2.0"
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "873B8F92-E210-4354-9CF7-5D97365E0A9E",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "2.3.0"
}
],
"operator": "OR"
}
]
}
]