From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Mail app does not respect download permissions in shares - Publisher: nickvergessen - Vulnerability ID: GHSA-pwpp-fvcr-w862 - Release Date: Yesterday 2. Vulnerability Impact: - Affected Versions: >= 2.2.0, >= 3.6.0, >= 3.7.0 - Fixed Versions: 2.2.10, 3.6.2, 3.7.2 3. Vulnerability Severity: - Severity Level: Low - CVSS v3 Base Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Unchanged - Confidentiality: Low - Integrity: None - Availability: None 4. Vulnerability Description: - The Nextcloud mail app allows users to send shared files as attachments even when they do not have download permissions. This enables users to download these files within their email client. 5. Remediation Recommendation: - Upgrade to version 2.2.10, 3.6.2, or 3.7.2. 6. Workaround: - Disable the Mail app. 7. Reference Links: - HackerOne - PullRequest 8. Additional Information: - You can create a post at nextcloud/security-advisories or open a support ticket via portal.nextcloud.com. This information helps users understand the details of the vulnerability, the affected scope, and how to remediate or work around the issue.