Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
References
Link | Resource |
---|---|
https://github.com/nextcloud/mail/pull/5189 | Patch Third Party Advisory |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh | Third Party Advisory |
https://hackerone.com/reports/1215251 | Exploit Third Party Advisory |
Configurations
History
20 Nov 2024, 14:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:* | |
First Time |
Nextcloud mail
|
Information
Published : 2021-07-12 19:15
Updated : 2024-11-20 14:49
NVD link : CVE-2021-32707
Mitre link : CVE-2021-32707
CVE.ORG link : CVE-2021-32707
JSON object : View
Products Affected
nextcloud
CWE
NVD-CWE-Other
CWE-20
Improper Input Validation
CWE-200Exposure of Sensitive Information to an Unauthorized Actor