CVE-2023-33184

Summary

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 1.15.3affected
nextcloudsecurity-advisories< 2.2.5affected
nextcloudsecurity-advisories< 3.02affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References