CVE-2024-37317
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called Notes/ with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nextcloud | security-advisories | >= 4.6.0, < 4.9.3 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx
- https://github.com/nextcloud/notes/pull/1260
- https://hackerone.com/reports/2254151
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx
- https://github.com/nextcloud/notes/pull/1260
- https://hackerone.com/reports/2254151
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.