Vulnerabilities > CVE-2023-39955 - Unspecified vulnerability in Nextcloud Notes

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

nextcloud

NVD

Published: 2023-08-10

Updated: 2024-11-21

Summary

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Notes 4.4.0 Nextcloud Notes 4.5.0 Nextcloud Notes 4.5.1 Nextcloud Notes 4.6.0 Nextcloud Notes 4.7.0 Nextcloud Notes 4.7.1 Nextcloud Notes 4.7.2	7

References

https://github.com/nextcloud/notes/pull/1031
https://github.com/nextcloud/notes/pull/1031
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
https://hackerone.com/reports/1924355
https://hackerone.com/reports/1924355