CVE-2024-52507Authorization Bypass Through User-Controlled Key in Tables

CWE-639Authorization Bypass Through User-Controlled Key3 documents3 sources
Severity
4.3MEDIUMNVD
CNA3.5
EPSS
0.2%
top 61.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud TablesNextcloud Security-advisories
Timeline
PublishedNov 15
Latest updateDec 5

Description

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/tables0.3.00.8.1
CVEListV5nextcloud/security-advisories>= 0.3.0, < 0.8.1

Patches

Patch: github.com

🔴Vulnerability Details

1
CVEList
Share information of the Nextcloud Tables app is not limited to affected users2024-11-15

💬Community

1
HackerOne
Nextcloud Tables v1 Share Enumeration Without Authorization (Regression of CVE-2024-52507)2025-12-05
CVE-2024-52507 — Nextcloud Tables vulnerability | cvebase