CVE-2024-37317
low-risk
Published 2024-06-14
The Nextcloud Notes app is a distraction-free note-taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder to store that user's personal notes. It is recommended that the Nextcloud Notes app be upgraded to 4.9.3.
Do I need to act?
- 0.14% chance of exploitation
  EPSS score — low exploit probability
- Not on CISA KEV list
  No confirmed active exploitation reported to CISA
- Patch status unknown
  Check vendor advisories for fix availability and mitigation guidance
- CVSS 4.6/10 · Medium
  NETWORK / HIGH complexity
Affected Products (1)
Notes
Affected Vendors
References (6)
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-c...
Issue Tracking
https://hackerone.com/reports/2254151
21 / 100 · low-risk
Severity
15/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal