CVSS2
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : SINGLE
Confidentiality Impact : NONE
Integrity Impact : PARTIAL
Availability Impact : NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : LOW
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : LOW
Availability Impact : NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS
Percentile : 30.5%

Severity: Low
Date : 2021-07-20
CVE-ID : CVE-2021-32707
Package : nextcloud-app-mail
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-2145
The package nextcloud-app-mail before version 1.10.1-1 is vulnerable to
information disclosure.
Upgrade to 1.10.1-1.
The problem has been fixed upstream in version 1.10.1.
Workaround : None.
In versions prior to 1.9.6, the Nextcloud Mail application does not
render images in emails by default, so that the read state is not
leaked. The privacy filter failed to filter images referenced through
the background-image CSS attribute. Note that the images were still
passed through the Nextcloud image proxy, and thus there was no IP
leakage.
A remote attacker could disclose whether an email message has been read
by embedding a remote CSS background image.
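
The gap described above, as an added example that is not Nextcloud Mail's own code: a check that inspects only `<img src>` misses remote loads declared in CSS, while one that also scans `style` attributes and `<style>` blocks for `url(...)` catches them. The function names, the sample body and the host `tracker.example` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# url(...) in CSS, quoted or unquoted; a remote target is http(s):// or //host
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.IGNORECASE)
REMOTE = re.compile(r"^(https?:)?//", re.IGNORECASE)

class RemoteLoadFinder(HTMLParser):
    """Collects every place an HTML mail body would fetch a remote image."""
    def __init__(self, check_css=True):
        super().__init__(convert_charrefs=True)
        self.check_css = check_css  # False models the img-only filter
        self.in_style = False
        self.hits = []

    def _css(self, where, css):
        for url in CSS_URL.findall(css):
            if REMOTE.match(url):
                self.hits.append((where, url))

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        for name, value in attrs:
            value = value or ""
            if tag == "img" and name == "src" and REMOTE.match(value):
                self.hits.append(("img src", value))
            elif self.check_css and name == "style":
                self._css(f"<{tag}> style attribute", value)

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.check_css and self.in_style:
            self._css("<style> block", data)

def find_remote_loads(html, check_css=True):
    finder = RemoteLoadFinder(check_css)
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample message body; tracker.example is a placeholder host.
SAMPLE = (
    '<style>td.h { background-image: url(//tracker.example/b.png) }</style>'
    '<img src="https://tracker.example/a.png">'
    '<div style="background-image: url(\'https://tracker.example/c.png\')">Hi</div>'
)
```

This is a detector for reviewing filter coverage, not a sanitizer: it does not decode CSS escape sequences or follow `@import`, which a production filter must also handle.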
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh
https://hackerone.com/reports/1215251
https://github.com/nextcloud/mail/pull/5189
https://github.com/nextcloud/mail/commit/e54c2331f4b98cc39a5b3899c8ed1468dfc5cc30
https://security.archlinux.org/CVE-2021-32707
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | nextcloud-app-mail | < 1.10.1-1 | UNKNOWN |