CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.



**Affected versions**

\>= 2.3.0, >= 1.13.0, >= 1.12.0

**Patched versions**

3.0.2, 2.2.5, 1.15.3

**Description**

**Impact**

A blind SSRF attack allowed to send GET requests to services running in the same web server.

**Patches**

It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3

**Workarounds**

*   Disable Mail app

**References**

*   HackerOne
*   PullRequest

**For more information**

If you have any questions or comments about this advisory:

*   Create a post in nextcloud/security-advisories
*   Customers: Open a support ticket at support.nextcloud.com

Headline

CVE-2023-33184: Blind SSRF in the Mail app on avatar endpoint

CVE: Latest News