Blind SSRF Vulnerability in Nextcloud Mail App

Blind SSRF Vulnerability in Nextcloud Mail App

CVE-2023-33184 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

Learn more about our Web App Pen Testing.