CVE-2024-52507

{"id": "CVE-2024-52507", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-15T18:15:28.847", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/tables/pull/1406", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/2705507", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1."}, {"lang": "es", "value": "Nextcloud Tables permite a los usuarios crear tablas con columnas individuales. La informaci\u00f3n sobre qu\u00e9 tabla (ID num\u00e9rica) se comparte con qu\u00e9 grupos y usuarios y los permisos respectivos no se limita a los usuarios afectados. Se recomienda que la aplicaci\u00f3n Nextcloud Tables se actualice a la versi\u00f3n 0.8.1."}], "lastModified": "2025-10-01T18:11:17.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "vulnerable": true, "matchCriteriaId": "F1C74B4B-BCA6-4EC5-A569-EA65272C0BDB", "versionEndExcluding": "0.8.1", "versionStartIncluding": "0.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}