Home > Vulnerability Database > CVE-2023-33184

Mend.io Vulnerability Database

CVE-2023-33184

Date: May 26, 2023

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

Language: PHP

Severity Score

3.5

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564

Url: https://hackerone.com/reports/1913095

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33184

Url: https://github.com/nextcloud/mail/pull/8275

Url: https://www.mend.io/vulnerability-database/CVE-2023-33184

Severity Score

3.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33184

Date: May 26, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?