CVE-2023-33184 Information

Description

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02 2.2.5 or 1.15.3.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564 https://github.com/nextcloud/mail/pull/8275 https://hackerone.com/reports/1913095