Headline
CVE-2022-31131: Update phpdoc for local attachment and outbox by kesselb · Pull Request #6600 · nextcloud/mail
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue.
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at support.nextcloud.com
@@ -54,6 +54,11 @@ class LocalAttachmentMapperTest extends TestCase { /** @var array */ private $attachments;
/** @var string */ private $user1 = 'user45678’; /** @var string */ private $user2 = 'dontFindMe’;
protected function setUp(): void { parent::setUp();
@@ -72,32 +77,39 @@ protected function setUp(): void { $delete = $qb->delete($this->mapper->getTableName()); $delete->execute();
$attachment = LocalAttachment::fromParams([ $attachment1 = LocalAttachment::fromParams([ ‘fileName’ => 'slimes_in_the_mines.jpeg’, ‘mimeType’ => 'image/jpeg’, ‘userId’ => 'user45678’, ‘userId’ => $this->user1, ‘createdAt’ => $this->timeFactory->getTime() ]); $attachment2 = LocalAttachment::fromParams([ ‘fileName’ => 'prismatic_shard.png’, ‘mimeType’ => 'image/png’, ‘userId’ => 'dontFindMe’, ‘userId’ => $this->user2, ‘createdAt’ => $this->timeFactory->getTime() ]); $attachment3 = LocalAttachment::fromParams([ ‘fileName’ => 'slimes_in_the_shard.png’, ‘mimeType’ => 'image/png’, ‘userId’ => $this->user1, ‘createdAt’ => $this->timeFactory->getTime() ]); $attachment = $this->mapper->insert($attachment); $attachment1 = $this->mapper->insert($attachment1); $attachment2 = $this->mapper->insert($attachment2); $this->attachmentIds = [$attachment->getId(), $attachment2->getId()];
$message = new LocalMessage(); $message->setType(LocalMessage::TYPE_OUTGOING); $message->setAccountId(1); $message->setAliasId(3); $message->setSendAt(3); $message->setSubject(‘testSaveLocalAttachments’); $message->setBody(‘message’); $message->setHtml(true); $message->setInReplyToMessageId(‘abcdefg’); $message = $this->localMessageMapper->insert($message); $attachment3 = $this->mapper->insert($attachment3); $this->attachmentIds = [$attachment1->getId(), $attachment2->getId(), $attachment3->getId()];
$message1 = new LocalMessage(); $message1->setType(LocalMessage::TYPE_OUTGOING); $message1->setAccountId(1); $message1->setAliasId(3); $message1->setSendAt(3); $message1->setSubject(‘testSaveLocalAttachments’); $message1->setBody(‘message’); $message1->setHtml(true); $message1->setInReplyToMessageId(‘abcdefg’); $message1 = $this->localMessageMapper->insert($message1); $message2 = new LocalMessage(); $message2->setType(LocalMessage::TYPE_OUTGOING); $message2->setAccountId(1); @@ -108,44 +120,44 @@ protected function setUp(): void { $message2->setHtml(true); $message2->setInReplyToMessageId(‘abcdefg’); $message2 = $this->localMessageMapper->insert($message2); $this->localMessageIds = [$message->getId(), $message2->getId()]; $this->localMessageIds = [$message1->getId(), $message2->getId()]; }
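Review bot: The three attachment fixtures inserted in this hunk encode the ownership test data — `$attachment1` and `$attachment3` belong to `$this->user1`, `$attachment2` to `$this->user2` — but nothing in setUp states that, and the `assertCount(2, ...)` in testSaveAndFindLocalAttachments only reads correctly once a reader notices that the second id in `$this->attachmentIds` is owned by a different user than the one passed to `saveLocalMessageAttachments`. A comment above the `LocalAttachment::fromParams` calls would make the intent explicit, e.g. `// $attachment2 is owned by $this->user2 on purpose: mapper methods scoped by user id must neither return nor modify it`. setUp begins before this hunk and its closing brace falls in the following hunk.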
public function testSaveAndFindLocalAttachments(): void { $this->mapper->saveLocalMessageAttachments($this->localMessageIds[0], $this->attachmentIds); $foundAttachments = $this->mapper->findByLocalMessageId($this->localMessageIds[0]); $this->mapper->saveLocalMessageAttachments($this->user1, $this->localMessageIds[0], $this->attachmentIds); $foundAttachments = $this->mapper->findByLocalMessageId($this->user1, $this->localMessageIds[0]);
$this->assertCount(2, $foundAttachments); }
public function testDeleteForLocalMessage(): void { $this->mapper->saveLocalMessageAttachments($this->localMessageIds[0], $this->attachmentIds); $foundAttachments = $this->mapper->findByLocalMessageId($this->localMessageIds[0]); $this->mapper->saveLocalMessageAttachments($this->user1, $this->localMessageIds[0], $this->attachmentIds); $foundAttachments = $this->mapper->findByLocalMessageId($this->user1, $this->localMessageIds[0]);
$this->assertCount(2, $foundAttachments);
$this->mapper->deleteForLocalMessage($this->localMessageIds[0]); $this->mapper->deleteForLocalMessage($this->user1, $this->localMessageIds[0]);
$result = $this->mapper->findByLocalMessageId($this->localMessageIds[0]); $result = $this->mapper->findByLocalMessageId($this->user1, $this->localMessageIds[0]); $this->assertEmpty($result); }
public function testFind(): void { $this->mapper->saveLocalMessageAttachments($this->localMessageIds[0], $this->attachmentIds); $foundAttachment = $this->mapper->find('user45678’, $this->attachmentIds[0]); $this->mapper->saveLocalMessageAttachments($this->user1, $this->localMessageIds[0], $this->attachmentIds); $foundAttachment = $this->mapper->find($this->user1, $this->attachmentIds[0]);
$this->assertEquals('slimes_in_the_mines.jpeg’, $foundAttachment->getFileName()); $this->assertEquals('image/jpeg’, $foundAttachment->getMimeType()); $this->assertEquals($this->localMessageIds[0], $foundAttachment->getLocalMessageId()); $this->assertEquals('user45678’, $foundAttachment->getUserId()); $this->assertEquals($this->user1, $foundAttachment->getUserId());
$this->expectException(DoesNotExistException::class); $this->mapper->find('user45678’, $this->attachmentIds[1]); $this->mapper->find($this->user1, $this->attachmentIds[1]); }
public function testFindByLocalMessageIds(): void { $this->mapper->saveLocalMessageAttachments($this->localMessageIds[0], [$this->attachmentIds[0]]); $this->mapper->saveLocalMessageAttachments($this->localMessageIds[1], [$this->attachmentIds[1]]); $this->mapper->saveLocalMessageAttachments($this->user1, $this->localMessageIds[0], [$this->attachmentIds[0]]); $this->mapper->saveLocalMessageAttachments($this->user2, $this->localMessageIds[1], [$this->attachmentIds[1]]);
$foundAttachments = $this->mapper->findByLocalMessageIds($this->localMessageIds); $this->assertCount(2, $foundAttachments);