CVE-2021-22896

Summary

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud MailFixed in 1.9.5affected

Weaknesses

  • CWE-862: Missing Authorization (CWE-862)

ADP Enrichment

CVE Program Container

Additional References

References