diff --git a/src/api/public/notes/notes.controller.spec.ts b/src/api/public/notes/notes.controller.spec.ts
index 117b4fd9f..dead1c5ed 100644
--- a/src/api/public/notes/notes.controller.spec.ts
+++ b/src/api/public/notes/notes.controller.spec.ts
@@ -27,7 +27,10 @@ import { NoteUserPermission } from '../../../permissions/note-user-permission.en
 import { Group } from '../../../groups/group.entity';
 import { GroupsModule } from '../../../groups/groups.module';
 import { ConfigModule } from '@nestjs/config';
+import { MediaModule } from '../../../media/media.module';
+import { MediaUpload } from '../../../media/media-upload.entity';
 import appConfigMock from '../../../config/app.config.mock';
+import mediaConfigMock from '../../../config/media.config.mock';
 
 describe('Notes Controller', () => {
   let controller: NotesController;
@@ -53,9 +56,10 @@ describe('Notes Controller', () => {
         LoggerModule,
         PermissionsModule,
         HistoryModule,
+        MediaModule,
         ConfigModule.forRoot({
           isGlobal: true,
-          load: [appConfigMock],
+          load: [appConfigMock, mediaConfigMock],
         }),
       ],
     })
@@ -85,6 +89,8 @@ describe('Notes Controller', () => {
       .useValue({})
       .overrideProvider(getRepositoryToken(Group))
       .useValue({})
+      .overrideProvider(getRepositoryToken(MediaUpload))
+      .useValue({})
       .compile();
 
     controller = module.get<NotesController>(NotesController);
diff --git a/src/api/public/notes/notes.controller.ts b/src/api/public/notes/notes.controller.ts
index 2185284d0..cf0a905b9 100644
--- a/src/api/public/notes/notes.controller.ts
+++ b/src/api/public/notes/notes.controller.ts
@@ -60,6 +60,8 @@ import {
   successfullyDeletedDescription,
   unauthorizedDescription,
 } from '../../utils/descriptions';
+import { MediaUploadDto } from '../../../media/media-upload.dto';
+import { MediaService } from '../../../media/media.service';
 
 @ApiTags('notes')
 @ApiSecurity('token')
@@ -71,6 +73,7 @@ export class NotesController {
     private revisionsService: RevisionsService,
     private permissionsService: PermissionsService,
     private historyService: HistoryService,
+    private mediaService: MediaService,
   ) {
     this.logger.setContext(NotesController.name);
   }
@@ -389,4 +392,31 @@ export class NotesController {
       throw e;
     }
   }
+
+  @UseGuards(TokenAuthGuard)
+  @Get(':noteIdOrAlias/media')
+  @ApiOkResponse({
+    description: 'All media uploads of the note',
+    isArray: true,
+    type: MediaUploadDto,
+  })
+  @ApiUnauthorizedResponse({ description: unauthorizedDescription })
+  async getNotesMedia(
+    @Req() req: Request,
+    @Param('noteIdOrAlias') noteIdOrAlias: string,
+  ): Promise<MediaUploadDto[]> {
+    try {
+      const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
+      if (!this.permissionsService.mayRead(req.user, note)) {
+        throw new UnauthorizedException('Reading note denied!');
+      }
+      const media = await this.mediaService.listUploadsByNote(note);
+      return media.map((media) => this.mediaService.toMediaUploadDto(media));
+    } catch (e) {
+      if (e instanceof NotInDBError) {
+        throw new NotFoundException(e.message);
+      }
+      throw e;
+    }
+  }
 }