Vulnerability Description
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions, a missing check of origin, target and cookies allows an attacker to abuse the proxy endpoint to cause a denial of service against a third-party server. It is recommended that Nextcloud Mail be upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Mail | >= 2.2.0, < 2.2.8 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/mail/pull/8459 (Issue Tracking, Patch)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-f (Vendor Advisory)
- https://hackerone.com/reports/1895874 (Third Party Advisory)
FAQ
What is CVE-2023-45660?
CVE-2023-45660 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial o...
How severe is CVE-2023-45660?
CVE-2023-45660 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-45660?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Mail.