CVE-2024-52511: Authorization Bypass Through User-Controlled Key in Tables

Severity
6.5 MEDIUM (NVD)
6.3 (CNA)
EPSS
0.2% (top 58.30%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 15

Description

Nextcloud Tables allows users to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that Nextcloud Tables be upgraded to 0.8.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | nextcloud/tables | 0.6.0 | 0.8.0
CVEListV5 | nextcloud/security-advisories | >= 0.6.0, < 0.8.0

Vulnerability Details

CVEList: Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables (2024-11-15)