CVE-2024-52521
LOWDescription
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
References
Frequently Asked Questions
What is CVE-2024-52521? +
How severe is CVE-2024-52521? +
What products are affected by CVE-2024-52521? +
How do I check if I'm vulnerable to CVE-2024-52521? +
Related Vulnerabilities
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically …
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically …
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only …
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of …
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up …
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause …