CVE-2023-45660 MEDIUM

CVE-2023-45660: Require strict cookies for image proxy requests in Nextcloud Mail

Vendor Nextcloud

Product security-advisories

Weakness CWE-918 · SSRF

Published October 16, 2023

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

October 16, 2023 CVE published

September 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-45660

Related vulnerabilities

Identifiers

CVE CVE-2023-45660

CWE CWE-918

CVSS 4.3 / MEDIUM

Affected versions

Vendor Nextcloud

Product security-advisories

Affected >= 2.0.0, < 2.2.8

Vendor Nextcloud

Product security-advisories

Affected >= 3.0.0, < 3.3.0

CVE-2023-45660: Require strict cookies for image proxy requests in Nextcloud Mail

01Description

02Disclosure timeline

03References

04Related CVE