From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Title: Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares - Publisher: nickvergessen - Published Time: Yesterday - Severity: Low (2.6/10) - Description: Malicious users, after receiving a "Files drop" or "Password protected" share link, can download attachments referenced in Text files without providing a password. 2. Affected Versions: - Nextcloud Server: - >= 28.0.0, >= 29.0.0, >= 30.0.0 - Nextcloud Enterprise Server: - >= 25.0.0, >= 26.0.0, >= 27.0.0, >= 28.0.0, >= 29.0.0, >= 30.0.0 3. Fixed Versions: - Nextcloud Server: - 28.0.11, 29.0.8, 30.0.1 - Nextcloud Enterprise Server: - 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8, 30.0.1 4. Exploitation Mechanism: - Malicious users download attachments via the link. 5. Recommended Actions: - Upgrade to the recommended versions. 6. References: - HackerOne - PullRequest 7. Additional Information: - A post can be created in nextcloud/security-advisories. - For clients: Open a support ticket at portal.nextcloud.com. This information helps users understand the vulnerability details, affected versions, fixed versions, and how to resolve the issue.