Home > Vulnerability Database > CVE-2024-52507

Mend.io Vulnerability Database

CVE-2024-52507

Date: November 15, 2024

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.

Language: PHP

Severity Score

3.5

Related Resources (6)

Url: https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332

Url: https://hackerone.com/reports/2705507

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52507

Url: https://github.com/nextcloud/tables/pull/1406

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45

Url: https://www.mend.io/vulnerability-database/CVE-2024-52507

Severity Score

3.5

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52507

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?