← voltar
CVE-2023-33184

Blind SSRF in the Nextcloud Mail app on avatar endpoint

CVSS 3.5 LOWEPSS 0.5%CWE-918
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 3.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
27 mai 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Produtos afetados
nextcloud · security-advisories

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nextcloud/mail/pull/8275https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564https://hackerone.com/reports/1913095