CVE-2021-32707

Description

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.

Related CPE's

a nextcloud nextcloud_mail ********

References

https://hackerone.com/reports/1215251

Permissions Required

https://github.com/nextcloud/mail/pull/5189

PatchThird Party Advisory

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh

Third Party Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	LOW
PrivilegesRequired	LOW
BaseScore	4.3
VectorString	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	NONE
AvailabilityImpact	NONE
IntegrityImpact	PARTIAL
BaseScore	4
VectorString	AV:N/AC:L/Au:S/C:N/I:P/A:N
Version	2.0
AccessVector	NETWORK
Authentication	SINGLE

Created by Yello

About Severity.io