CVE-2023-33184Server-Side Request Forgery in Security-advisories

CWE-918Server-Side Request Forgery2 documents2 sources
Severity
5.3MEDIUMNVD
CNA3.5
EPSS
0.2%
top 63.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Mail
Timeline
PublishedMay 27

Description

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/mail1.13.01.15.3+2
CVEListV5nextcloud/security-advisories< 1.15.3+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Blind SSRF in the Nextcloud Mail app on avatar endpoint2023-05-27
CVE-2023-33184 — Server-Side Request Forgery | cvebase