CVE-2023-39955

Опубликовано: 10 авг. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

EPSS Низкий

Описание

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.

Ссылки

https://github.com/nextcloud/notes/pull/1031
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
Patch
Vendor Advisory
https://hackerone.com/reports/1924355
Third Party Advisory
https://github.com/nextcloud/notes/pull/1031
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
Patch
Vendor Advisory
https://hackerone.com/reports/1924355
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:notes:*:*:*:*:*:nextcloud:*:*

Версия от 4.4.0 (включая) до 4.8.0 (исключая)

EPSS

Процентиль: 72%

0.00705

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 72%

0.00705

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79