4.3
CVE-2026-45544
- EPSS 0.22%
- Veröffentlicht 01.06.2026 17:03:06
- Zuletzt bearbeitet 04.06.2026 16:47:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService
Information Disclosure of view filter metadata via Broken Sensitive Data Masking in ViewService
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0.
Mögliche Gegenmaßnahme
Tables: * Disable app Tables
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.125 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-1230 Exposure of Sensitive Information Through Metadata
The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp
https://github.com/nextcloud/tables/pull/2312
https://hackerone.com/reports/3483753
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vvxm-6jjp-m9mp