CVE-2021-39220
published 2021-10-25


Priority: P4, 13, low, 3.5 (CVSS 3.1)
AV:N AC:L PR:L UI:R S:U C:L I:N A:N
EPSS: 0.76% (50.6th percentile)

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does not, by default, render images in emails, so that the read state and user IP are not leaked. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application be upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | mail | < 1.10.4 | 1.10.4 |
| nextcloud | security-advisories | < 1.10.4, < 1.11.0 | 1.10.4, < 1.11.0 |

CVSS provenance

nvd, v3.1: 3.5 LOW, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
nvd, v2.0: 3.5 LOW, AV:N/AC:M/Au:S/C:P/I:N/A:N