Vulnerabilities > CVE-2021-22896 - Missing Authorization vulnerability in Nextcloud
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/nextcloud/mail/pull/4864
- https://github.com/nextcloud/mail/pull/4864
- https://github.com/nextcloud/mail/releases/tag/v1.9.5
- https://github.com/nextcloud/mail/releases/tag/v1.9.5
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jmgp-77jq-fjp3
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jmgp-77jq-fjp3
- https://hackerone.com/reports/1129996
- https://hackerone.com/reports/1129996