Nextcloud Mail
Approved changes feed: RSS · Atom
cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Nextcloud (e5ae4298-6932-564f-a40d-08cebea039a5) |
|---|---|
| Product | Nextcloud Mail (4952a017-a2e8-5295-8dba-7a0dcb446868) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/nextcloud/mail |
purl2cpe | 2026-06-01 10:17:59.307720 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-52508 |
vulnerable | 2026-06-03 14:57:29.747293 |
Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
HIGH (8.2)
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
Published: 2024-11-15T17:34:21.900Z
Updated: 2024-11-15T18:17:04.830Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31131 |
vulnerable | 2026-06-03 14:47:10.676272 |
Ownership check missing when updating or deleting mail attachments in Nextcloud mail
MEDIUM (5.4)
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)
Published: 2022-07-06T17:55:14.000Z
Updated: 2025-04-22T17:51:44.515Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.