CVE-2023-33184
- Source
- https://cve.org/CVERecord?id=CVE-2023-33184
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33184.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-33184
- Aliases
-
- GHSA-8gph-9895-w564
- Published
- 2023-05-27T04:36:01.535Z
- Modified
- 2025-12-20T02:51:28.357258Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Blind SSRF in the Nextcloud Mail app on avatar endpoint
- Details
-
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33184.json", "cwe_ids": [ "CWE-918" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33184.json
- https://github.com/nextcloud/mail/pull/8275
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564
- https://hackerone.com/reports/1913095
- https://nvd.nist.gov/vuln/detail/CVE-2023-33184