Impact
The Nextcloud Mail application does by default not render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute.
Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage.
Patches
It is recommended that the Nextcloud Mail application is upgraded to 1.9.6 or 1.10.0
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory:
Impact
The Nextcloud Mail application does by default not render images in emails to not leak the read state. The privacy filter failed to filter images with a
background-imageCSS attribute.Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage.
Patches
It is recommended that the Nextcloud Mail application is upgraded to 1.9.6 or 1.10.0
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory: