Unrated severityOSV Advisory· Published Jun 11, 2021· Updated Aug 3, 2024
CVE-2021-22896
CVE-2021-22896
Description
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/nextcloud/mail/pull/4864mitrex_refsource_MISC
- github.com/nextcloud/mail/releases/tag/v1.9.5mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-jmgp-77jq-fjp3mitrex_refsource_MISC
- hackerone.com/reports/1129996mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.