Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
Metrics
Affected Vendors & Products
References
History
Fri, 15 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nextcloud
Nextcloud nextcloud Mail |
|
CPEs | cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nextcloud
Nextcloud nextcloud Mail |
|
Metrics |
ssvc
|
Fri, 15 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0. | |
Title | Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-15T17:34:21.900Z
Updated: 2024-11-15T18:17:04.830Z
Reserved: 2024-11-11T18:49:23.558Z
Link: CVE-2024-52508
Vulnrichment
Updated: 2024-11-15T18:16:54.895Z
NVD
Status : Awaiting Analysis
Published: 2024-11-15T18:15:29.060
Modified: 2024-11-18T17:11:56.587
Link: CVE-2024-52508
Redhat
No data.