Home > Vulnerability Database > CVE-2024-37317

Mend.io Vulnerability Database

CVE-2024-37317

Date: June 14, 2024

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called "Notes/" with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.

Language: PHP

Severity Score

4.6

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37317

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx

Url: https://hackerone.com/reports/2254151

Url: https://github.com/nextcloud/notes/pull/1260

Url: https://www.mend.io/vulnerability-database/CVE-2024-37317

Severity Score

4.6

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37317

Date: June 14, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?