CVE-2024-52521
LOWNextcloud Server <28.0.10-30.0.0 - Info Disclosure
Title source: llmDescription
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.
Scores
CVSS v3
2.6
EPSS
0.0077
EPSS Percentile
73.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Classification
CWE
CWE-328
Status
published
Affected Products (2)
nextcloud/nextcloud_server
< 28.0.10
nextcloud/nextcloud_server
< 28.0.10
Timeline
Published
Nov 15, 2024
Tracked Since
Feb 18, 2026