CVE-2021-32707

Опубликовано: 12 июл. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.

Ссылки

https://github.com/nextcloud/mail/pull/5189
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh
Third Party Advisory
https://hackerone.com/reports/1215251
Exploit
Third Party Advisory
https://github.com/nextcloud/mail/pull/5189
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh
Third Party Advisory
https://hackerone.com/reports/1215251
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

Версия до 1.9.6 (исключая)

EPSS

Процентиль: 55%

0.00323

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-Other

EPSS

Процентиль: 55%

0.00323

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-Other