Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.
References
Link | Resource |
---|---|
https://github.com/nextcloud/mail/pull/4864 | Patch Third Party Advisory |
https://github.com/nextcloud/mail/releases/tag/v1.9.5 | Release Notes Third Party Advisory |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jmgp-77jq-fjp3 | Third Party Advisory |
https://hackerone.com/reports/1129996 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2021-06-11T15:49:38
Updated: 2021-06-11T15:49:38
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22896
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-11T16:15:10.887
Modified: 2021-06-22T01:03:15.073
Link: CVE-2021-22896
JSON object: View
Redhat Information
No data.
CWE