Vulnerability: Denial of Service in Nextcloud Mail Proxy Endpoint

Vulnerability: Denial of Service in Nextcloud Mail Proxy Endpoint

CVE-2023-45660 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.