Ability to read any emails through IDOR on Nextcloud Mail
·1 min·
0
·
0
·
Nextcloud
bugbounty
CVE-2023-25160
Table of Contents
An attacker can access the mail box by ID getting the subjects and the first characters of the emails.
References #
- https://hackerone.com/reports/1784681
- https://nvd.nist.gov/vuln/detail/CVE-2023-25160
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cx