Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52511

Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.

Published

2024-11-15T18:15:29.717

Last Modified

2025-10-01T18:06:43.933

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	tables	< 0.8.0	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4qqp-9h2g-7qg7 Vendor Advisory ([email protected])
https://github.com/nextcloud/tables/commit/52846ad81fe192ee977f14c82a229b0d9cdc406c Patch ([email protected])
https://github.com/nextcloud/tables/pull/1351 Issue Tracking ([email protected])
https://hackerone.com/reports/2671404 Issue Tracking ([email protected])