Skip to content

Missing permission check on email metadata retrieval

High
LukasReschke published GHSA-mxx2-6rg9-v2vc Jun 1, 2021

Package

Nextcloud Mail

Affected versions

< 1.4.3, < 1.8.2

Patched versions

1.4.3, 1.8.2

Description

Impact

Missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users.

Patches

It is recommended that the Nextcloud Mail App is upgraded to 1.4.3 or 1.8.2.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2021-32652

Weaknesses

Credits