The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
References
Link | Resource |
---|---|
https://github.com/nextcloud/notes/pull/1260 | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx | Third Party Advisory |
https://hackerone.com/reports/2254151 | Issue Tracking |
https://github.com/nextcloud/notes/pull/1260 | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx | Third Party Advisory |
https://hackerone.com/reports/2254151 | Issue Tracking |
Configurations
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nextcloud/notes/pull/1260 - Patch | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx - Third Party Advisory | |
References | () https://hackerone.com/reports/2254151 - Issue Tracking |
19 Aug 2024, 15:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nextcloud:notes:*:*:*:*:*:nextcloud:*:* | |
CWE | CWE-862 | |
First Time |
Nextcloud notes
Nextcloud |
|
References | () https://github.com/nextcloud/notes/pull/1260 - Patch | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx - Third Party Advisory | |
References | () https://hackerone.com/reports/2254151 - Issue Tracking |
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 16:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37317
Mitre link : CVE-2024-37317
CVE.ORG link : CVE-2024-37317
JSON object : View
Products Affected
nextcloud
- notes