Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
                
            Metrics
Affected Vendors & Products
References
        History
                    Wed, 01 Oct 2025 18:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Nextcloud mail | |
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:nextcloud:mail:*:*:*:*:*:nextcloud:*:* | |
| Vendors & Products | Nextcloud mail | 
Fri, 15 Nov 2024 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Nextcloud Nextcloud nextcloud Mail | |
| CPEs | cpe:2.3:a:nextcloud:nextcloud_mail:*:*:*:*:*:*:*:* | |
| Vendors & Products | Nextcloud Nextcloud nextcloud Mail | |
| Metrics | ssvc 
 | 
Fri, 15 Nov 2024 17:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0. | |
| Title | Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers | |
| Weaknesses | CWE-200 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-15T17:34:21.900Z
Updated: 2024-11-15T18:17:04.830Z
Reserved: 2024-11-11T18:49:23.558Z
Link: CVE-2024-52508
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-11-15T18:16:54.895Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-11-15T18:15:29.060
Modified: 2025-10-01T18:10:01.593
Link: CVE-2024-52508
 Redhat
                        Redhat
                    No data.