5.3
CVE-2025-66513
- EPSS 0.02%
- Veröffentlicht 05.12.2025 17:11:19
- Zuletzt bearbeitet 09.12.2025 19:32:45
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginNextcloud Tables app share information not limited to relevant users
Tables app share information not limited to relevant users
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
Mögliche Gegenmaßnahme
Tables: * Disable Tables app
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
Tables
Version
>= 0.6.0, < 0.8.9
Version
>= 0.9.0, < 0.9.6
Version
>= 1.0.0, < 1.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.