How severe is CVE-2024-52521?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-52521?

This is classified as CWE-328, which is a common weakness in software security.

CVE-2024-52521 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.

Related Vulnerabilities

CVE-2022-29835

MEDIUM

CVSS:5.3(Medium)

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algor...

CWE-3282022

CVE-2023-0452

MEDIUM

CVSS:5.3(Medium)

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypti...

CWE-3282023

CVE-2024-34914

MEDIUM

CVSS:5.3(Medium)

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain a...

CWE-3282024

CVE-2024-56414

MEDIUM

CVSS:5.5(Medium)

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CWE-3282024

CVE-2023-44319

MEDIUM

CVSS:4.9(Medium)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB ...

CWE-3282023

CVE-2024-8453

MEDIUM

CVSS:4.9(Medium)

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files t...

CWE-3282024