CVE-2021-32707 - log

CVE-2021-32707 edited at 13 Jul 2021 10:40:58
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crh
+ https://hackerone.com/reports/1215251
+ https://github.com/nextcloud/mail/pull/5189
+ https://github.com/nextcloud/mail/commit/e54c2331f4b98cc39a5b3899c8ed1468dfc5cc30
Notes
CVE-2021-32707 created at 13 Jul 2021 10:38:59