Vulnerability Description
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | < 1.15.0 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/mail/pull/7796Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-rVendor Advisory
- https://hackerone.com/reports/1736390ExploitThird Party Advisory
- https://hackerone.com/reports/1741525ExploitThird Party Advisory
- https://hackerone.com/reports/1746582ExploitThird Party Advisory
- https://github.com/nextcloud/mail/pull/7796Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-rVendor Advisory
- https://hackerone.com/reports/1736390ExploitThird Party Advisory
- https://hackerone.com/reports/1741525ExploitThird Party Advisory
- https://hackerone.com/reports/1746582ExploitThird Party Advisory
FAQ
What is CVE-2023-23943?
CVE-2023-23943 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within...
How severe is CVE-2023-23943?
CVE-2023-23943 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23943?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Mail.