Key Information 1. Vulnerability Description: - Title: Attachments folder for Text app is accessible on Files Drop/Password protected shares - Reported Time: February 17, 2024, 12:32am UTC - Reporter: lukasreschke 2. Vulnerability Details: - Type: Information Disclosure - Severity: Low (2.6) - CVE ID: CVE-2024-52513 3. Report Status: - Status: Resolved - Disclosure Time: November 15, 2024, 1:15pm UTC 4. Participants: - Reporter: lukasreschke - Nextcloud Staff: nickvergessen 5. Bounty: - Bounty Status: Hidden - Bounty Amount: None 6. Timeline: - Submission Time: February 17, 2024, 2:39am UTC - Status Changes: - February 17, 2024, 2:39am UTC: Status changed to Triaged - April 5, 2024, 4:27pm UTC: Comment posted - April 8, 2024, 9:40am UTC: Comment posted - June 5, 2024, 1:32pm UTC: Comment posted - October 8, 2024, 7:08am UTC: Report closed and status changed to Resolved - October 8, 2024, 8:08am UTC: Comment posted - 11 days ago: Bounty rewarded - 10 days ago: Request to disclose - 2 days ago: Comment posted - 2 days ago: CVE reference updated - a day ago: Agreed to disclose Summary This vulnerability report describes an issue where the attachments folder for the Text app is accessible on Files Drop/password-protected shares. The vulnerability was classified as low severity and has been resolved. The reporter and Nextcloud staff participated in the handling process. Bounty information is hidden, and no monetary reward was given. The timeline details each stage of the vulnerability report and resolution process.