Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nextcloud Subscribe
Filtered by product Nextcloud Mail
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32707 1 Nextcloud 1 Nextcloud Mail 2022-10-25 4.0 MEDIUM 4.3 MEDIUM
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
CVE-2022-31131 1 Nextcloud 1 Nextcloud Mail 2022-07-14 4.0 MEDIUM 4.3 MEDIUM
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)
CVE-2020-8156 2 Fedoraproject, Nextcloud 2 Fedora, Nextcloud Mail 2022-05-24 6.8 MEDIUM 7.0 HIGH
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
CVE-2021-32652 1 Nextcloud 1 Nextcloud Mail 2021-06-14 4.0 MEDIUM 4.3 MEDIUM
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.