Home > Vulnerability Database > CVE-2023-25160

Mend.io Vulnerability Database

CVE-2023-25160

Date: February 13, 2023

Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.

Language: PHP

Severity Score

4.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25160

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx

Url: https://hackerone.com/reports/1784681

Url: https://github.com/nextcloud/mail/pull/7740

Url: https://www.mend.io/vulnerability-database/CVE-2023-25160

Severity Score

4.1

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25160

Date: February 13, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?