cbcvebase.
CVE-2023-45660
published 2023-10-16

Priority: P4 21
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.60% (44.3th percentile)

Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions, a missing check of origin, target and cookies allows an attacker to abuse the proxy endpoint to cause a denial of service against a third server. It is recommended that Nextcloud Mail be upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| nextcloud | mail | >= 2.2.0 < 2.2.8 | 2.2.8 |
| nextcloud | mail | >= 3.0.0 < 3.3.0 | 3.3.0 |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |