CVE-2023-48307

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-48307
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48307.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-48307
Aliases
  • GHSA-4pp4-m8ph-2999
Published
2023-11-21T23:15:07Z
Modified
2024-06-06T14:25:54.782163Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.

References

Affected packages

Git / github.com/nextcloud-releases/mail

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud-releases/mail
Events
Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.10.0-alpha.7
1.6.2

Other

nighly-20170831
nightly-20161202
nightly-20161208
nightly-20161218
nightly-20170117
nightly-20170612
nightly-20170823
nightly-20170831
nightly-20170906
nightly-20170913
nightly-20171127
nightly-20171212
nightly-20180410
nightly-20200115
nightly-20200423
nightly-20200427
nightly-20200506
nightly-20200513
untagged-bd8a3cab1eb0022ec683

v0.*

v0.1.0
v0.1.3
v0.10.0
v0.10.0-beta1
v0.10.0-rc1
v0.11.0
v0.11.0-beta1
v0.12.0
v0.12.0-RC1
v0.12.0-RC2
v0.12.0-RC3
v0.12.0-alpha-4
v0.12.0-alpha-5
v0.12.0-alpha1
v0.12.0-alpha2
v0.12.0-alpha3
v0.12.0-beta1
v0.12.0-beta2
v0.12.0-beta3
v0.12.0-beta4
v0.12.0-beta5
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.17.0
v0.18.0
v0.18.0-RC1
v0.18.1
v0.19.0
v0.19.1
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.6.2
v0.7.0
v0.7.1
v0.7.10
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-alpha1
v0.8.0-beta1
v0.8.1
v0.8.2
v0.8.2-alpha2
v0.8.2-alpha3
v0.8.3
v0.8.3-alpha1
v0.9.0
v0.9.0-beta1
v0.9.0-beta2
v0.9.0-beta3
v0.9.0-rc1

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.10.0-RC.1
v1.10.0-alpha.4
v1.10.0-alpha.6
v1.10.0-alpha.7
v1.11.0
v1.11.0-rc1
v1.12.0-rc.1
v1.13.0-beta1
v1.13.0-beta3
v1.14.0-alpha4
v1.14.0-beta1
v1.3.0
v1.3.0-RC1
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.3.1
v1.3.2
v1.3.3
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.5.0
v1.5.0-alpha3
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-beta3
v1.5.0-rc1
v1.5.0-rc2
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.0-alpha2
v1.9.0-alpha3

v2.*

v2.0.0-RC1
v2.0.0-beta.5
v2.0.0-beta.6
v2.0.0-beta.7
v2.0.0-beta1
v2.0.0-beta3
v2.0.0-beta4
v2.1.0-rc1
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7