exploitDog

CVE-2024-52511

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 6.5

EPSS Низкий

Описание

Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4qqp-9h2g-7qg7
Vendor Advisory
https://github.com/nextcloud/tables/commit/52846ad81fe192ee977f14c82a229b0d9cdc406c
Patch
https://github.com/nextcloud/tables/pull/1351
Issue Tracking
https://hackerone.com/reports/2671404
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*

Версия от 0.6.0 (включая) до 0.8.0 (исключая)

EPSS

Процентиль: 42%

0.00197

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-639

EPSS

Процентиль: 42%

0.00197

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-639