Forum
CVE-2023-33184 - Nextcloud Mail
Zitat von MITs Forum am 27. Mai 2023, 0:00 UhrNextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
References
https://github.com/nextcloud/mail/pull/8275
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564
https://hackerone.com/reports/1913095
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
References
https://github.com/nextcloud/mail/pull/8275
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564
https://hackerone.com/reports/1913095