Low severity2.0NVD Advisory· Published Feb 6, 2023· Updated Jun 17, 2026
CVE-2023-23944
CVE-2023-23944
Description
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 2.2.2
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/mail/pull/7797nvdPatch
- github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4nvdVendor Advisory
- hackerone.com/reports/1806275nvdPermissions RequiredThird Party Advisory
News mentions
0No linked articles in our index yet.