CVE-2023-33184

medium

Description

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

References

https://hackerone.com/reports/1913095

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564

https://github.com/nextcloud/mail/pull/8275

Details

Source: Mitre, NVD

Published: 2023-05-27

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N