CVE-2024-52508
published 2024-11-15

Priority: P3 41
CVSS 3.1: 8.1 (high)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.70% (48.4th percentile)
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user tries to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker has managed to register autoconfig.tld, the email details used would be sent to the attacker's server. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| nextcloud | mail | >= 1.15.0 < 1.15.4 | 1.15.4 |
| nextcloud | mail | >= 1.9.0 < 1.14.6 | 1.14.6 |
| nextcloud | mail | >= 2.1.0 < 2.2.11 | 2.2.11 |
| nextcloud | mail | >= 3.1.0 < 3.6.3 | 3.6.3 |
| nextcloud | mail | >= 3.7.0 < 3.7.7 | 3.7.7 |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |