Vulnerability in Nextcloud Mail
CVE-2023-23944
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with…
EPSS: 0.005 (37.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 2.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Nextcloud Mail
- Nextcloud Security-advisories — versions < 2.2.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (Patch, x_refsource_MISC)
- security-advisories@github.com (Permissions Required, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-23944?
- CVE-2023-23944 is a low-severity vulnerability in Nextcloud Mail, classified under Cleartext Storage of Sensitive Information. CVSS score: 2.0/10. Published 2023-02-06.
- How severe is CVE-2023-23944?
- Low severity. CVSS v3 base score is 2.0 out of 10.