CVE-2024-37317 Information

Description

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called Notes/ with a newly created user before they logged in the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx https://github.com/nextcloud/notes/pull/1260 https://hackerone.com/reports/2254151