4.3

CVE-2024-52507

Share information of the Nextcloud Tables app is not limited to affected users

Share information of Tables app is not limited to affected users

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.
Mögliche Gegenmaßnahme
Tables: * Disable app tables
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudTables SwPlatformnextcloud Version >= 0.3.0 < 0.8.1
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Tables
Version >= 0.3.0, < 0.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.332
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com 3.5 2.1 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.