CVE-2023-25160

Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-02-13 21:15

Updated : 2024-02-28 19:51


NVD link : CVE-2023-25160

Mitre link : CVE-2023-25160

CVE.ORG link : CVE-2023-25160


JSON object : View

Products Affected

nextcloud

  • mail
CWE
CWE-639

Authorization Bypass Through User-Controlled Key