Home > Vulnerability Database > CVE-2024-52521

Mend.io Vulnerability Database

CVE-2024-52521

Date: November 15, 2024

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.

Language: PHP

Severity Score

2.6

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52521

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2q6f-gjgj-7hp4

Url: https://github.com/nextcloud/server/commit/a933ba1fdba77e7d8c6b8ff400e082cf853ea46d

Url: https://github.com/nextcloud/server/pull/47769

Url: https://www.mend.io/vulnerability-database/CVE-2024-52521

Severity Score

2.6

Weakness Type (CWE)

Use of Weak Hash

CWE-328

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52521

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?