Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37317

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.

Published

2024-06-14T16:15:11.960

Last Modified

2024-11-21T09:23:35.997

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	notes	< 4.9.3	Yes

References

https://github.com/nextcloud/notes/pull/1260 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx Third Party Advisory ([email protected])
https://hackerone.com/reports/2254151 Issue Tracking ([email protected])
https://github.com/nextcloud/notes/pull/1260 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2254151 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)