← Voltar para CVEs
CVE-2024-37317
MEDIUM4.6
Descricao
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
Detalhes CVE
Pontuacao CVSS v3.14.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado6/14/2024
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
nextcloud:notes
Fraquezas (CWE)
CWE-284CWE-862
Referencias
https://github.com/nextcloud/notes/pull/1260(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx(security-advisories@github.com)
https://hackerone.com/reports/2254151(security-advisories@github.com)
https://github.com/nextcloud/notes/pull/1260(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2254151(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.