{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52507", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-11T18:49:23.557Z", "datePublished": "2024-11-15T17:24:50.173Z", "dateUpdated": "2024-11-15T18:21:07.458Z"}, "containers": {"cna": {"title": "Share information of the Nextcloud Tables app is not limited to affected users", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45"}, {"name": "https://github.com/nextcloud/tables/pull/1406", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/tables/pull/1406"}, {"name": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332"}, {"name": "https://hackerone.com/reports/2705507", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/2705507"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 0.3.0, < 0.8.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-15T17:24:50.173Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1."}], "source": {"advisory": "GHSA-rgvc-xr2w-qq45", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T18:20:54.777901Z", "id": "CVE-2024-52507", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T18:21:07.458Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52507", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T18:20:54.777901Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T18:21:02.731Z"}}], "cna": {"title": "Share information of the Nextcloud Tables app is not limited to affected users", "source": {"advisory": "GHSA-rgvc-xr2w-qq45", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"status": "affected", "version": ">= 0.3.0, < 0.8.1"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45", "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nextcloud/tables/pull/1406", "name": "https://github.com/nextcloud/tables/pull/1406", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332", "name": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332", "tags": ["x_refsource_MISC"]}, {"url": "https://hackerone.com/reports/2705507", "name": "https://hackerone.com/reports/2705507", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-15T17:24:50.173Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52507", "state": "PUBLISHED", "dateUpdated": "2024-11-15T18:21:07.458Z", "dateReserved": "2024-11-11T18:49:23.557Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-11-15T17:24:50.173Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "matchCriteriaId": "F1C74B4B-BCA6-4EC5-A569-EA65272C0BDB", "versionEndExcluding": "0.8.1", "versionStartIncluding": "0.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1."}, {"lang": "es", "value": "Nextcloud Tables permite a los usuarios crear tablas con columnas individuales. La informaci\u00f3n sobre qu\u00e9 tabla (ID num\u00e9rica) se comparte con qu\u00e9 grupos y usuarios y los permisos respectivos no se limita a los usuarios afectados. Se recomienda que la aplicaci\u00f3n Nextcloud Tables se actualice a la versi\u00f3n 0.8.1."}], "id": "CVE-2024-52507", "lastModified": "2025-10-01T18:11:17.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-15T18:15:28.847", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/nextcloud/tables/pull/1406"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://hackerone.com/reports/2705507"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}