Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes.
The problem is patched in HedgeDoc 1.7.2.
This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648
### For more information
If you have any questions or comments about this advisory:
* Open an topic on our community forum
* Join our matrix room