Nextcloud Mail
By the Year
In 2024 there have been 0 vulnerabilities in Nextcloud Mail . Last year Nextcloud Mail had 1 security vulnerability published. Right now, Nextcloud Mail is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.30 |
| 2022 | 1 | 4.30 |
| 2021 | 2 | 4.30 |
| 2020 | 1 | 7.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Nextcloud Mail vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nextcloud Mail Security Vulnerabilities
Nextcloud Mail is a mail app in Nextcloud
CVE-2023-33184
5.3 - Medium
- May 27, 2023
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
XSPA
Nextcloud mail is a Mail app for the Nextcloud home server product
CVE-2022-31131
4.3 - Medium
- July 06, 2022
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)
Insecure Direct Object Reference / IDOR
Nextcloud Mail is a mail app for Nextcloud
CVE-2021-32707
4.3 - Medium
- July 12, 2021
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
Nextcloud Mail is a mail app for the Nextcloud platform
CVE-2021-32652
4.3 - Medium
- June 01, 2021
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.
AuthZ
A missing verification of the TLS host in Nextcloud Mail 1.1.3
CVE-2020-8156
7 - High
- May 12, 2020
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Improper Certificate Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Nextcloud? Click the Watch button to subscribe.
