Data Exposure Risk in Nextcloud Tables App
CVE-2024-52507

Currently unrated

Key Information:

Vendor: Nextcloud
Status: Nextcloud Tables
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-52507?

The Nextcloud Tables app has a vulnerability that permits unauthorized access to information pertaining to table configurations—specifically, the numeric ID designating which tables are shared with which users and groups, along with their respective permissions. This lack of restriction allows affected users to potentially gain insight into other users' permissions and access levels. To mitigate this risk, it is crucial to upgrade the Nextcloud Tables app to version 0.8.1, which addresses the permissions oversight and enhances the security framework of the application.

References

https://github.com/nextcloud/security-advisories/security...

https://github.com/nextcloud/tables/pull/1406

https://github.com/nextcloud/tables/commit/13ca45f1b9f70f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024