PT-2024-9166 · Nextcloud+2 · Nextcloud Server+2

Tuyenee · Published 2024-09-05 · Updated 2025-02-01 · CVE-2024-52521

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Nextcloud Server versions prior to 28.0.10
Nextcloud Server versions prior to 29.0.7
Nextcloud Server versions prior to 30.0.0
Description: The issue is related to the use of a reversible one-way hash function in Nextcloud Server, which increases the chances of a background job with arguments being falsely identified as already existing. The cause was the use of MD5 hashes to check background jobs for uniqueness. Changing the hash to SHA256 greatly reduced the probability of this issue. The vulnerability can be exploited by a remote attacker to make a background job appear as if it already exists.
Recommendations: For versions prior to 28.0.10, upgrade to 28.0.10 or later. For versions prior to 29.0.7, upgrade to 29.0.7 or later. For versions prior to 30.0.0, upgrade to 30.0.0 or later.

Related Identifiers

ALT-PU-2025-1663
ALT-PU-2025-1855
ALT-PU-2025-2137
BDU:2024-10853
CVE-2024-52521
GHSA-2Q6F-GJGJ-7HP4

Affected Products

Alt Linux
Nextcloud Server
Red Os