Unrated severityNVD Advisory· Published Nov 15, 2024· Updated Nov 15, 2024
Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables
CVE-2024-52511
Description
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: >= 0.6.0, < 0.8.0
Patches
Vulnerability mechanics
References
4- github.com/nextcloud/security-advisories/security/advisories/GHSA-4qqp-9h2g-7qg7mitrex_refsource_CONFIRM
- github.com/nextcloud/tables/commit/52846ad81fe192ee977f14c82a229b0d9cdc406cmitrex_refsource_MISC
- github.com/nextcloud/tables/pull/1351mitrex_refsource_MISC
- hackerone.com/reports/2671404mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.