CVE-2021-39220

Опубликовано: 25 окт. 2021

Источник: nvd

CVSS3: 3.5

CVSS2: 3.5

EPSS Низкий

Описание

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.

Ссылки

https://github.com/nextcloud/mail/pull/5470
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5
Third Party Advisory
https://hackerone.com/reports/1308147
Permissions Required
https://github.com/nextcloud/mail/pull/5470
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5
Third Party Advisory
https://hackerone.com/reports/1308147
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

Версия до 1.10.4 (исключая)

EPSS

Процентиль: 50%

0.00264

Низкий

3.5 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-20

EPSS

Процентиль: 50%

0.00264

Низкий

3.5 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-20