{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T10:23:31.049","vulnerabilities":[{"cve":{"id":"CVE-2024-52508","sourceIdentifier":"security-advisories@github.com","published":"2024-11-15T18:15:29.060","lastModified":"2025-10-01T18:10:01.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0."},{"lang":"es","value":"Nextcloud Mail es la aplicación de correo de Nextcloud, una plataforma de productividad alojada en servidores propios. Cuando un usuario intenta configurar una cuenta de correo con una dirección de correo electrónico como user@example.tld que no admite la configuración automática, y un atacante logra registrar autoconfig.tld, los detalles de correo electrónico utilizados se envían al servidor del atacante. Se recomienda que la aplicación Nextcloud Mail se actualice a 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 o 4.0.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:nextcloud:*:*","versionStartIncluding":"1.9.0","versionEndExcluding":"1.14.6","matchCriteriaId":"000DD4A3-3CD5-44A5-B985-D183855F8A03"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:nextcloud:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.4","matchCriteriaId":"159CA04A-9A62-4760-BB69-2421189F43CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:nextcloud:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.2.11","matchCriteriaId":"E97F675D-D1A7-4BC3-9FF3-1DC3E489267B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:nextcloud:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.6.3","matchCriteriaId":"253BAAFD-A6BC-42B1-9401-AA97CC399F5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:mail:*:*:*:*:*:nextcloud:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.7","matchCriteriaId":"2A0AE244-9763-46DA-8DBF-2BA84F8D29BE"}]}]}],"references":[{"url":"https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nextcloud/mail/pull/9964","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/2508422","source":"security-advisories@github.com","tags":["Issue Tracking"]}]}}]}