CVE-2024-37317
CVSS V2 None
CVSS V3 None
Description
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
Overview
- CVE ID
- CVE-2024-37317
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-14T15:25:24.475Z
- Last Modified Date
- 2024-06-14T16:57:05.962Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx | x_refsource_CONFIRM |
| https://github.com/nextcloud/notes/pull/1260 | x_refsource_MISC |
| https://hackerone.com/reports/2254151 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-37317 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37317 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 01:23:13 | Added to TrackCVE |