← Volver a CVEs
CVE-2024-37317
MEDIUM4.6
Descripcion
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
Detalles CVE
Puntuacion CVSS v3.14.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado6/14/2024
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
nextcloud:notes
Debilidades (CWE)
CWE-284CWE-862
Referencias
https://github.com/nextcloud/notes/pull/1260(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx(security-advisories@github.com)
https://hackerone.com/reports/2254151(security-advisories@github.com)
https://github.com/nextcloud/notes/pull/1260(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2254151(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.