CVE-2024-52508

Source
https://cve.org/CVERecord?id=CVE-2024-52508
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52508.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52508
Aliases
  • GHSA-vmhx-hwph-q6mc
Published
2024-11-15T17:34:21.900Z
Modified
2026-03-01T02:52:48.626839Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Summary
Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Details

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user tries to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker has managed to register autoconfig.tld, the email details used would be sent to the attacker's server. It is recommended that the Nextcloud Mail app be upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52508.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/nextcloud/mail

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.14.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.2.11"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "1.15.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.7.0"
        },
        {
            "fixed": "3.7.7"
        }
    ]
}

Affected versions

1.*
1.10.0-alpha.7
v1.*
v1.10.0-RC.1
v1.10.0-alpha.4
v1.10.0-alpha.6
v1.10.0-alpha.7
v1.11.0
v1.11.0-rc1
v1.12.0-rc.1
v1.13.0-beta1
v1.13.0-beta3
v1.14.0
v1.14.0-alpha4
v1.14.0-beta1
v1.14.0-beta2
v1.14.0-beta3
v1.14.0-rc.1
v1.14.0-rc.2
v1.14.1
v1.14.2
v1.14.3
v1.14.3.alpha.1
v1.14.4
v1.14.5
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.9.0
v3.*
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52508.json"