CVE-2023-48307

Опубликовано: 21 нояб. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 9.8

EPSS Низкий

Описание

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.

Ссылки

https://github.com/nextcloud/mail/pull/8709
Issue Tracking
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999
Vendor Advisory
https://hackerone.com/reports/1869714
Permissions Required
https://github.com/nextcloud/mail/pull/8709
Issue Tracking
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999
Vendor Advisory
https://hackerone.com/reports/1869714
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

Версия от 1.13.0 (включая) до 2.2.8 (исключая)

cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.3.0 (исключая)

EPSS

Процентиль: 40%

0.00183

Низкий

3.5 Low

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-918

EPSS

Процентиль: 40%

0.00183

Низкий

3.5 Low

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-918