Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-23943

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.

Published

2023-02-06T21:15:09.810

Last Modified

2024-11-21T07:47:09.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	mail	< 1.15.0	Yes
Application	nextcloud	mail	< 2.2.2	Yes

References

https://github.com/nextcloud/mail/pull/7796 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6 Vendor Advisory ([email protected])
https://hackerone.com/reports/1736390 Exploit, Third Party Advisory ([email protected])
https://hackerone.com/reports/1741525 Exploit, Third Party Advisory ([email protected])
https://hackerone.com/reports/1746582 Exploit, Third Party Advisory ([email protected])
https://github.com/nextcloud/mail/pull/7796 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1736390 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1741525 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1746582 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)