CVE-2021-32707
Summary
| CVE | CVE-2021-32707 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-07-12 19:15:00 UTC |
| Updated | 2022-10-25 15:41:00 UTC |
| Description | Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nextcloud | Nextcloud Mail | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sanitize urls in css style sheets by st3iny · Pull Request #5189 · nextcloud/mail · GitHub | MISC | github.com | |
| Bypass of image blocking in Nextcloud Mail · Advisory · nextcloud/security-advisories · GitHub | CONFIRM | github.com | |
| HackerOne | MISC | hackerone.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.