Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
History

Fri, 15 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Nextcloud
Nextcloud nextcloud Mail
CPEs cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*
Vendors & Products Nextcloud
Nextcloud nextcloud Mail
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 17:45:00 +0000

Type Values Removed Values Added
Description Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
Title Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-15T17:34:21.900Z

Updated: 2024-11-15T18:17:04.830Z

Reserved: 2024-11-11T18:49:23.558Z

Link: CVE-2024-52508

cve-icon Vulnrichment

Updated: 2024-11-15T18:16:54.895Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-15T18:15:29.060

Modified: 2024-11-18T17:11:56.587

Link: CVE-2024-52508

cve-icon Redhat

No data.