关键信息 1. 漏洞描述: - 标题: Attachments folder for Text app is accessible on Files Drop/Password protected shares - 报告时间: February 17, 2024, 12:32am UTC - 报告者: lukasreschke 2. 漏洞详情: - 漏洞类型: Information Disclosure (信息泄露) - 严重性: Low (2.6) - CVE ID: CVE-2024-52513 3. 报告状态: - 状态: Resolved (已解决) - 披露时间: November 15, 2024, 1:15pm UTC 4. 参与者: - 报告者: lukasreschke - Nextcloud Staff: nickvergessen 5. 奖励: - 奖励状态: Hidden (隐藏) - 奖励金额: None (无) 6. 时间线: - 提交时间: February 17, 2024, 2:39am UTC - 状态变更: - February 17, 2024, 2:39am UTC: Status changed to Triaged - April 5, 2024, 4:27pm UTC: Comment posted - April 8, 2024, 9:40am UTC: Comment posted - June 5, 2024, 1:32pm UTC: Comment posted - October 8, 2024, 7:08am UTC: Report closed and status changed to Resolved - October 8, 2024, 8:08am UTC: Comment posted - 11 days ago: Bounty rewarded - 10 days ago: Request to disclose - 2 days ago: Comment posted - 2 days ago: CVE reference updated - a day ago: Agreed to disclose 总结 这个漏洞报告描述了一个文本应用的附件文件夹在文件共享/密码保护共享中可访问的问题。漏洞被标记为低严重性,并已解决。报告者和Nextcloud工作人员参与了漏洞的处理过程。奖励信息被隐藏,且没有奖励金额。时间线详细记录了漏洞报告和处理的各个阶段。