CVE-2022-31131

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/nextcloud/mail/pull/6600	Issue Tracking Patch Third Party Advisory
https://github.com/nextcloud/mail/pull/6600/commits/6dd2527be8d4f6788b449c8a8f5577628b990605	Patch Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhv7-5mhv-299j	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:*

History

29 Jun 2023, 14:51

Type	Values Removed	Values Added
CWE	~~CWE-287~~	CWE-639

14 Jul 2022, 13:20

Type	Values Removed	Values Added
First Time		Nextcloud Nextcloud nextcloud Mail
CPE		cpe:2.3:a:nextcloud:nextcloud_mail::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 4.3
References	~~(CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhv7-5mhv-299j -~~	(CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhv7-5mhv-299j - Exploit, Issue Tracking, Third Party Advisory
References	~~(MISC) https://github.com/nextcloud/mail/pull/6600 -~~	(MISC) https://github.com/nextcloud/mail/pull/6600 - Issue Tracking, Patch, Third Party Advisory
References	~~(MISC) https://github.com/nextcloud/mail/pull/6600/commits/6dd2527be8d4f6788b449c8a8f5577628b990605 -~~	(MISC) https://github.com/nextcloud/mail/pull/6600/commits/6dd2527be8d4f6788b449c8a8f5577628b990605 - Patch, Third Party Advisory

06 Jul 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-06 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-31131

Mitre link : CVE-2022-31131

CVE.ORG link : CVE-2022-31131

JSON object : View

Products Affected

nextcloud

nextcloud_mail

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

CWE-287

Improper Authentication

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-31131

4.3^/10

4.0^/10

Attach tags to `CVE-2022-31131`