Vulnerability Details : CVE-2021-39220
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.
Vulnerability category: Input validationInformation leak
Products affected by CVE-2021-39220
- cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39220
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-39220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST | |
3.5
|
LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
2.1
|
1.4
|
GitHub, Inc. |
CWE ids for CVE-2021-39220
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2021-39220
-
https://hackerone.com/reports/1308147
Sign inPermissions Required
-
https://github.com/nextcloud/mail/pull/5470
Set schema for url when empty. by kesselb · Pull Request #5470 · nextcloud/mail · GitHubPatch;Third Party Advisory
-
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q9v-wm8r-rcv5
Bypass of image blocking in Nextcloud Mail · Advisory · nextcloud/security-advisories · GitHubThird Party Advisory
Jump to