CVE-2023-33184
LOW
Nextcloud Mail 1.13.0-1.15.2 - Server-Side Request Forgery
Title source: llm
Description
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack made it possible to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564
Patch x_refsource_misc
https://github.com/nextcloud/mail/pull/8275
Issue Tracking x_refsource_misc
https://hackerone.com/reports/1913095
Scores
CVSS v3
3.5
EPSS
0.0016
EPSS Percentile
35.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
nextcloud/mail
1.13.0 - 1.15.3
Published
May 27, 2023
Tracked Since
Feb 18, 2026