CVE-2023-45660

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45660

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45660.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-45660

Aliases

GHSA-8j9x-fmww-qr37

Published

2023-10-16T18:32:00.486Z

Modified

2025-11-29T02:50:14.616113Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Require strict cookies for image proxy requests in Nextcloud Mail

Details

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45660.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/nextcloud/mail

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/mail

Events

Introduced

40f4d8d299271d1d6f53dedd01de2c8215f55feb

Fixed

806f64a349f75b1ecd7871ea7aea4a11ed815774

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.2.8"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/mail

Events

Introduced

b01f5a6d057a346683005627f0a0dd1f80bbc811

Fixed

5d492d2eb8cbd42c5324ba04aea7a05d414e69dd

Database specific

{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.3.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45660.json"