CVE-2024-37317

medium

Description

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.

References

https://hackerone.com/reports/2254151

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx

https://github.com/nextcloud/notes/pull/1260

Details

Source: Mitre, NVD

Published: 2024-06-14

Updated: 2024-08-19

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Severity: Medium