CVE-2023-48307 - Unspecified vulnerability in Nextcloud Mail
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to versions 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a server-side request forgery (SSRF) attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the Mail app.
References
- https://github.com/nextcloud/mail/pull/8709
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999
- https://hackerone.com/reports/1869714