Vulnerability Description
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Notes | >= 4.6.0, < 4.9.3 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/notes/pull/1260Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cThird Party Advisory
- https://hackerone.com/reports/2254151Issue Tracking
- https://github.com/nextcloud/notes/pull/1260Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cThird Party Advisory
- https://hackerone.com/reports/2254151Issue Tracking
FAQ
What is CVE-2024-37317?
CVE-2024-37317 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app wo...
How severe is CVE-2024-37317?
CVE-2024-37317 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37317?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Notes.