Skip to content

Bypass of image blocking in Nextcloud Mail

Low
LukasReschke published GHSA-6q9v-wm8r-rcv5 Oct 25, 2021

Package

Mail (Nextcloud)

Affected versions

< 1.10.4

Patched versions

1.10.4

Description

Impact

The Nextcloud Mail application does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol.

Patches

It is recommended that the Nextcloud Mail application is upgraded to 1.10.4.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-39220

Credits