Vulnerability in Nextcloud Mail

CVE-2023-23944

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with…

EPSS: 0.005 (37.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-23944?
CVE-2023-23944 is a low-severity vulnerability in Nextcloud Mail, classified under Cleartext Storage of Sensitive Information. CVSS score: 2.0/10. Published 2023-02-06.
How severe is CVE-2023-23944?
Low severity. CVSS v3 base score is 2.0 out of 10.