CVE-2023-33184
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
Nextcloud Mail is a mail app in Nextcloud that is vulnerable to a blind SSRF attack. This attack allows sending GET requests to services running on the same web server.
Risk Assessment
An attacker could exploit this vulnerability to access internal services, potentially leading to the disclosure of sensitive information or further attacks on the infrastructure.
Recommendation
It is recommended to update the Mail app to version 3.02, 2.2.5, or 1.15.3 to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

