Product:

Nextcloud_mail

(Nextcloud)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 5
Date Id Summary Products Score Patch Annotated
2020-05-12 CVE-2020-8156 A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Fedora, Nextcloud_mail 7.0
2022-07-06 CVE-2022-31131 Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull... Nextcloud_mail 4.3
2023-05-27 CVE-2023-33184 Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. Nextcloud_mail 5.3
2021-07-12 CVE-2021-32707 Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist. Nextcloud_mail 4.3
2021-06-01 CVE-2021-32652 Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist. Nextcloud_mail 4.3