Upgrade Notes App to Mitigate Security Risk
CVE-2024-37317

4.6MEDIUM

Key Information:

Vendor: Nextcloud
Status: Security-advisories
Vendor: CVE Published:; 14 June 2024

🔔 Create Nextcloud Vulnerability Alert

What is CVE-2024-37317?

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called Notes/ with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.

Affected Version(s)

security-advisories >= 4.6.0, < 4.9.3

References

https://github.com/nextcloud/security-advisories/security...

x_refsource_CONFIRM

https://github.com/nextcloud/notes/pull/1260

x_refsource_MISC

https://hackerone.com/reports/2254151

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 5, 2024

.