Description
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw
Issue Tracking x_refsource_misc
https://github.com/nextcloud/tables/pull/1891
Patch x_refsource_misc
https://github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064e
Issue Tracking, Vendor Advisory x_refsource_misc
https://hackerone.com/reports/3138721
Scores
CVSS v3
4.3
EPSS
0.0002
EPSS Percentile
6.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (1)
nextcloud/tables
0.8.0 - 0.8.7
Published
Dec 05, 2025
Tracked Since
Feb 18, 2026