CVE-2021-32652Improper Access Control in Security-advisories

CWE-284Improper Access ControlCWE-862Missing Authorization2 documents2 sources
Severity
4.3MEDIUMNVD
CNA8.8
EPSS
0.5%
top 35.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Mail
Timeline
PublishedJun 1

Description

Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/mail1.5.51.8.2+1
CVEListV5nextcloud/security-advisories< 1.4.3+1

🔴Vulnerability Details

1
CVEList
Missing permission check on email metadata retrieval2021-06-01
CVE-2021-32652 — Improper Access Control | cvebase