Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Vulnerability Description
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
信息暴露
Vulnerability Title
Nextcloud Mail 信息泄露漏洞
Vulnerability Description
Nextcloud Mail是德国Nextcloud公司的一个电子邮件。 Nextcloud Mail存在信息泄露漏洞。攻击者利用该漏洞注册autoconfig.tld,则使用的电子邮件详细信息将发送到攻击者的服务器。
CVSS Information
N/A
Vulnerability Type
N/A