VYPR
Unrated severityNVD Advisory· Published Oct 16, 2023· Updated Sep 13, 2024

Require strict cookies for image proxy requests in Nextcloud Mail

CVE-2023-45660

Description

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nextcloud/Mailllm-fuzzy
    Range: <2.2.8 || >=3.0.0 <3.3.0
  • nextcloud/security-advisoriesv5
    Range: >= 2.0.0, < 2.2.8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.