Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Notes app can be tricked into using a received share created before the user logged in
Vulnerability Description
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Notes 4.6.0及之前版本存在安全漏洞,该漏洞源于如果攻击者在新创建的用户登录之前设法与其共享名为Notes的文件夹,Notes应用程序将使用该文件夹存储个人笔记。
CVSS Information
N/A
Vulnerability Type
N/A