CVE-2022-31132 – Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected …

4 August 2022

Vuln ID: CVE-2022-31132

Published: 2022-08-04 17:15:08Z

Description: Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`

Source: NVD.NIST.GOV

Date:

4 August 2022

Categorie(s):

NVD

Tag(s):

NVD

Security, automation and developer experience: The top DevOps trends of 202416 April 2024
Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto16 April 2024
US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’16 April 2024
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)16 April 2024
Why enterprises are going hybrid and returning to colo!16 April 2024