CVE-2024-52508

Published Nov 15, 2024

Last updated 2 days ago

CVSS high 8.2

Overview

Description
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.2
Impact score
6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-200

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2024-52508 Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@exam… https://t.co/ow6O5xHged

    @CVEnew

    15 Nov 2024

    209 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References