exploitDog

CVE-2024-52507

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45
Vendor Advisory
https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332
Patch
https://github.com/nextcloud/tables/pull/1406
Issue Tracking
https://hackerone.com/reports/2705507
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*

Версия от 0.3.0 (включая) до 0.8.1 (исключая)

EPSS

Процентиль: 38%

0.00169

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639

EPSS

Процентиль: 38%

0.00169

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639