{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T13:29:35.745","vulnerabilities":[{"cve":{"id":"CVE-2023-48307","sourceIdentifier":"security-advisories@github.com","published":"2023-11-21T23:15:07.807","lastModified":"2024-11-21T08:31:27.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app."},{"lang":"es","value":"Nextcloud Mail es la aplicación de correo de Nextcloud, una plataforma de productividad autohospedada. A partir de la versión 1.13.0 y anteriores a las versiones 2.2.8 y 3.3.0, un atacante puede utilizar un endpoint desprotegido en la aplicación de correo para realizar un ataque SSRF. Las versiones 2.2.8 y 3.3.0 de la aplicación Nextcloud Mail contienen un parche para este problema. Como workaround, desactive la aplicación de correo."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.0","versionEndExcluding":"2.2.8","matchCriteriaId":"54F82061-3A70-47D7-9E95-26B10CA3553A"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.3.0","matchCriteriaId":"98F3704F-323A-4BC4-BC5F-259C8648CB97"}]}]}],"references":[{"url":"https://github.com/nextcloud/mail/pull/8709","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/1869714","source":"security-advisories@github.com","tags":["Permissions Required"]},{"url":"https://github.com/nextcloud/mail/pull/8709","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/1869714","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}