Vulnerability Details CVE-2023-33184
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.1%
CVSS Severity
CVSS v3 Score 3.5
References
- https://github.com/nextcloud/mail/pull/8275
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564
- https://hackerone.com/reports/1913095
- https://github.com/nextcloud/mail/pull/8275
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564
- https://hackerone.com/reports/1913095
Products affected by CVE-2023-33184
-
cpe:2.3:a:nextcloud:mail:1.13.0
-
cpe:2.3:a:nextcloud:mail:1.13.1
-
cpe:2.3:a:nextcloud:mail:1.13.2
-
cpe:2.3:a:nextcloud:mail:1.13.3
-
cpe:2.3:a:nextcloud:mail:1.13.4
-
cpe:2.3:a:nextcloud:mail:1.13.5
-
cpe:2.3:a:nextcloud:mail:1.13.6
-
cpe:2.3:a:nextcloud:mail:1.13.7
-
cpe:2.3:a:nextcloud:mail:1.13.8
-
cpe:2.3:a:nextcloud:mail:1.13.9
-
cpe:2.3:a:nextcloud:mail:1.14.0
-
cpe:2.3:a:nextcloud:mail:1.14.1
-
cpe:2.3:a:nextcloud:mail:1.14.2
-
cpe:2.3:a:nextcloud:mail:1.14.3
-
cpe:2.3:a:nextcloud:mail:1.14.4
-
cpe:2.3:a:nextcloud:mail:1.14.5
-
cpe:2.3:a:nextcloud:mail:1.14.6
-
cpe:2.3:a:nextcloud:mail:1.15.0
-
cpe:2.3:a:nextcloud:mail:1.15.1
-
cpe:2.3:a:nextcloud:mail:1.15.2
-
cpe:2.3:a:nextcloud:mail:2.2.0
-
cpe:2.3:a:nextcloud:mail:2.2.1
-
cpe:2.3:a:nextcloud:mail:2.2.2
-
cpe:2.3:a:nextcloud:mail:2.2.3
-
cpe:2.3:a:nextcloud:mail:2.2.4
-
cpe:2.3:a:nextcloud:mail:2.3.0
-
cpe:2.3:a:nextcloud:mail:3.0.0
-
cpe:2.3:a:nextcloud:mail:3.0.1