An attacker can access the mail box by ID getting the subjects and the first characters of the emails.
Users should update to
Mail 2.2.1 for Nextcloud 25 Mail 1.14.5 for Nextcloud 22-24 Mail 1.12.9 for Nextcloud 21 Mail 1.11.8 for Nextcloud 20
No workaround available
HackerOne Pull Request
If you have any questions or comments about this advisory:
Impact
An attacker can access the mail box by ID getting the subjects and the first characters of the emails.
Patches
Users should update to
Mail 2.2.1 for Nextcloud 25
Mail 1.14.5 for Nextcloud 22-24
Mail 1.12.9 for Nextcloud 21
Mail 1.11.8 for Nextcloud 20
Workarounds
No workaround available
References
HackerOne
Pull Request
For more information
If you have any questions or comments about this advisory: