Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33184

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

Published

2023-05-27T05:15:09.980

Last Modified

2024-11-21T08:05:04.390

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-918
Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	mail	< 1.15.3	Yes
Application	nextcloud	mail	< 2.2.5	Yes
Application	nextcloud	mail	< 3.0.2	Yes

References

https://github.com/nextcloud/mail/pull/8275 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564 Vendor Advisory ([email protected])
https://hackerone.com/reports/1913095 Issue Tracking ([email protected])
https://github.com/nextcloud/mail/pull/8275 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1913095 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)