CVE-2024-52507 LOW

CVE-2024-52507: Share information of the Nextcloud Tables app is not limited to affected users

Vendor Nextcloud
Product security-advisories
Weakness CWE-639 · IDOR
Published November 15, 2024
Last update November 15, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.

Key dates

02Disclosure timeline

November 15, 2024 CVE published
November 15, 2024 Record updated