4.3

CVE-2026-45544

Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Information Disclosure of view filter metadata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.
Mögliche Gegenmaßnahme
Tables: * Disable app Tables
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudTables SwPlatformnextcloud Version >= 0.8.0 < 1.0.4
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Tables
Version >= 0.8.0, < 1.0.4
Version >= 2.0.0, < 2.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.125
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-1230 Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp
Vendor Advisory
Mitigation
https://github.com/nextcloud/tables/pull/2312
Patch
Issue Tracking
https://hackerone.com/reports/3483753
Permissions Required
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp
Third Party Advisory