Vulnerability Details : CVE-2023-23943
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.
Vulnerability category: Server-side request forgery (SSRF)
Products affected by CVE-2023-23943
- cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-23943
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-23943
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST | |
5.0
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
3.1
|
1.4
|
GitHub, Inc. |
CWE ids for CVE-2023-23943
-
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-23943
-
https://hackerone.com/reports/1741525
HackerOneExploit;Third Party Advisory
-
https://github.com/nextcloud/mail/pull/7796
Validate remote hosts by ChristophWurst · Pull Request #7796 · nextcloud/mail · GitHubPatch
-
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gcx-r739-9pf6
Blind SSRF via server URL input in the Nextcloud Mail app · Advisory · nextcloud/security-advisories · GitHubVendor Advisory
-
https://hackerone.com/reports/1746582
HackerOneExploit;Third Party Advisory
-
https://hackerone.com/reports/1736390
HackerOneExploit;Third Party Advisory
Jump to