Authorization bypass through user-controlled key in Nextcloud Mail

#VU65374 Authorization bypass through user-controlled key in Nextcloud Mail

Published: 2022-07-18

Vulnerability identifier: #VU65374

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31131

CWE-ID: CWE-639

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nextcloud Mail
Web applications / Modules and components for CMS

Vendor: Nextcloud

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing ownership check when updating or deleting mail attachments. A remote user can cause the attachment is unavailable for the given message in the outbox.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Nextcloud Mail: 1.0.0 - 1.12.1

External links
http://github.com/nextcloud/mail/pull/6600/commits/6dd2527be8d4f6788b449c8a8f5577628b990605
http://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhv7-5mhv-299j
http://github.com/nextcloud/mail/pull/6600

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authorization bypass through user-controlled key in Nextcloud Mail