We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-52521

Nextcloud Server has a potential hash collision for background jobs could skip queuing them



Description

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.

Reserved 2024-11-11 | Published 2024-11-15 | Updated 2024-11-15 | Assigner GitHub_M


LOW: 2.6CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-328: Use of Weak Hash

Product status

>= 28.0.0, < 28.0.10
affected

>= 29.0.0, < 29.0.7
affected

References

github.com/...sories/security/advisories/GHSA-2q6f-gjgj-7hp4

github.com/nextcloud/server/pull/47769

github.com/...ommit/a933ba1fdba77e7d8c6b8ff400e082cf853ea46d

cve.org (CVE-2024-52521)

nvd.nist.gov (CVE-2024-52521)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-52521

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.