CVE-2021-32652

Summary

Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 1.4.3affected
nextcloudsecurity-advisories>= 1.5.5, < 1.8.2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References