CVE-2023-39955
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 10, 2023
Updated: Aug 16, 2023
CWE ID 79
Summary
CVE-2023-39955 is a vulnerability affecting the Notes app in Nextcloud versions 4.4.0 to 4.7.9. With this issue, when creating an HTML note file, the application renders the content in the preview, rather than offering the file for download. This behavior can expose sensitive information contained in the HTML notes. Users are advised to update to Nextcloud Notes version 4.8.0, which includes a patch for the vulnerability. No known workarounds are available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- NextCloud Notes
Affected Vendors
- Nextcloud GmbH