CVE-2023-25160
- Source
- https://cve.org/CVERecord?id=CVE-2023-25160
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25160.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-25160
- Aliases
-
- GHSA-m45f-r5gh-h6cx
- Published
- 2023-02-13T20:19:08.774Z
- Modified
- 2026-04-10T04:55:59.497359Z
- Severity
-
- 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- IDOR Vulnerability in Nextcloud Mail
- Details
-
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-639" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25160.json" }- References
-
- https://hackerone.com/reports/1784681
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25160.json
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx
- https://nvd.nist.gov/vuln/detail/CVE-2023-25160
- https://github.com/nextcloud/mail/pull/7740
Affected packages
Git / github.com/nextcloud/mail
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/mail
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.11.8" } ] }
- Type
- GIT
- Repo
- https://github.com/nextcloud/mail
- Events
- Database specific
{ "versions": [ { "introduced": "1.12.0" }, { "fixed": "1.12.9" } ] }
Affected versions
1.*
1.10.0-alpha.7
1.6.2
Other
nighly-20170831
nightly-20161202
nightly-20161208
nightly-20161218
nightly-20170117
nightly-20170612
nightly-20170823
nightly-20170831
nightly-20170906
nightly-20170913
nightly-20171127
nightly-20171212
nightly-20180410
nightly-20200115
nightly-20200423
nightly-20200427
nightly-20200506
nightly-20200513
untagged-bd8a3cab1eb0022ec683
v0.*
v0.1.0
v0.1.3
v0.10.0
v0.11.0
v0.12.0
v0.12.0-RC2
v0.12.0-RC3
v0.12.0-alpha3
v0.12.0-beta1
v0.12.0-beta2
v0.12.0-beta4
v0.12.0-beta5
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.17.0
v0.18.0
v0.18.0-RC1
v0.18.1
v0.19.0
v0.19.1
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.6.2
v0.7.0
v0.7.1
v0.7.10
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-alpha1
v0.8.0-beta1
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.10.0-RC.1
v1.10.0-alpha.4
v1.10.0-alpha.6
v1.10.0-alpha.7
v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.12.0
v1.12.1
v1.12.1-rc.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.6-rc.1
v1.12.7
v1.12.8
v1.3.0
v1.3.0-RC1
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.3.1
v1.3.2
v1.3.3
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.5.0
v1.5.0-alpha3
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-beta3
v1.5.0-rc1
v1.5.0-rc2
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.0-alpha2
v1.9.0-alpha3