Nextcloud Tables Share Enumeration Vulnerability
Vulnerability
A vulnerability in Nextcloud Tables prior to versions 0.8.9, 0.9.6, and 1.0.1 allows unauthorized access to sharing information. This issue, which affects versions 0.6.0 and 0.7.0, stems from the application's failure to restrict visibility of table sharing details (which users or groups have access, and what permissions they hold) to privileged users only. As a result, users without the necessary rights can enumerate shared tables and their associated permissions, potentially leading to unauthorized access or actions.
Impact
Exploitation of this vulnerability allows for unauthorized enumeration of shared tables and their permissions, creating a risk of improper access or actions based on the shared information.
Reproduction
The vulnerability can be reproduced by creating a table in Nextcloud Tables and sharing it with several users. A user without the appropriate permissions can then read the sharing information, including which tables are shared with which users and the corresponding permissions. This is done through the Nextcloud Tables API, specifically by fetching the share details of a table or view.
Remediation
Users are advised to update the Nextcloud Tables app to version 0.8.9, 0.9.6, or 1.0.1. Instructions for updating can be found on the Nextcloud Tables GitHub repository.
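The following script is an added example for this advisory (it is not code from Nextcloud or from the Tables project) and covers both the reproduction and the remediation sections above: it decides whether an installed Tables version is at or above the fixed release for its branch, and it classifies the response an unprivileged account receives from the share endpoint so an administrator can confirm, after upgrading, that share details are no longer returned. The endpoint path `index.php/apps/tables/api/1/tables/{id}/shares`, the use of a Nextcloud app password with HTTP basic auth, and the sample share record are assumptions made for the example; the version thresholds come from the advisory text.

```python
import base64
import json
import urllib.error
import urllib.request

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (0, 8): (0, 8, 9),
    (0, 9): (0, 9, 6),
    (1, 0): (1, 0, 1),
}


def parse_version(text):
    """Turn '0.8.9' into (0, 8, 9); missing components count as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_fixed(version_text):
    """True if the installed Tables version contains the fix.

    Anything at or above 1.0.1 is fixed; the 0.8 and 0.9 branches are fixed
    from 0.8.9 and 0.9.6 respectively. Older branches (0.6, 0.7) have no
    fixed release, so they are reported as not fixed (conservative).
    """
    v = parse_version(version_text)
    if v >= (1, 0, 1):
        return True
    floor = FIXED_BY_BRANCH.get(v[:2])
    return floor is not None and v >= floor


def classify_share_response(status, body):
    """Classify what the share endpoint returned to a non-privileged user.

    'denied'  - the server refused the request (expected after the fix)
    'leaked'  - a non-empty list of share records came back
    'empty'   - a 200 with an empty list (nothing to enumerate; inconclusive)
    'other'   - anything else; inspect manually
    """
    if status in (401, 403, 404):
        return "denied"
    if status == 200:
        try:
            data = json.loads(body or "null")
        except ValueError:
            return "other"
        if isinstance(data, list):
            if data and all(isinstance(item, dict) for item in data):
                return "leaked"
            if not data:
                return "empty"
    return "other"


def probe_share_endpoint(base_url, table_id, user, app_password, timeout=10):
    """Fetch share details for one table as the given (unprivileged) account.

    Returns (status, body). Assumed path: Tables API v1 share listing.
    """
    url = f"{base_url.rstrip('/')}/index.php/apps/tables/api/1/tables/{table_id}/shares"
    token = base64.b64encode(f"{user}:{app_password}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
        "OCS-APIRequest": "true",
    })
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample: a share record shaped like the Tables API share object.
SAMPLE_LEAKED_BODY = json.dumps([{
    "id": 7, "nodeType": "table", "nodeId": 3, "sender": "alice",
    "receiver": "bob", "receiverType": "user",
    "permissionRead": True, "permissionManage": False,
}])


if __name__ == "__main__":
    for ver in ("0.7.0", "0.8.8", "0.8.9", "0.9.6", "1.0.0", "1.0.1"):
        print(ver, "fixed" if is_fixed(ver) else "NOT fixed")
    print(classify_share_response(200, SAMPLE_LEAKED_BODY))  # leaked
    print(classify_share_response(403, ""))                  # denied
```

Run `probe_share_endpoint` with an account that has no rights on the table in question; after upgrading to a fixed release the classification should be `denied`, and a `leaked` result on a version that `is_fixed` reports as patched would indicate the update did not take effect.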
