CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.

**Affected versions**

\>= 1.13.0, >= 2.1.0, >= 3.1.0

**Patched versions**

2.2.8, 3.3.0

**Description**

**Impact**

An attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack.

**Patches**

It is recommended that the Nextcloud Mail app is upgraded to 2.2.8 or 3.3.0

**Workarounds**

*   Disable mail app

**References**

*   HackerOne
*   PullRequest

**For more information**

If you have any questions or comments about this advisory:

*   Create a post in nextcloud/security-advisories
*   Customers: Open a support ticket at portal.nextcloud.com

Headline

CVE-2023-48307: Server-Side Request Forgery (SSRF) in Mail app

CVE: Latest News