Key Information

Vulnerability Description
Title: Potential hash collision for background jobs could skip queuing them
Publisher: nickvergessen
Vulnerability ID: GHSA-2q6f-gjgj-7hp4
Release Date: Yesterday

Affected Scope
Affected Versions:
- Nextcloud Server: >= 28.0.0, >= 29.0.0, >= 30.0.0
- Nextcloud Enterprise: >= 28.0.0, >= 29.0.0, >= 30.0.0

Fixed Versions
Fixed Versions:
- Nextcloud Server: 28.0.10, 29.0.7, 30.0.0
- Nextcloud Enterprise: 28.0.10, 29.0.7, 30.0.0

Severity
Severity: Low (2.6 / 10)

Impact
Description: MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not being queued for execution. By changing the hash to SHA256, the probability was significantly reduced.

Solution
Recommendation: Upgrade to version 28.0.10, 29.0.7, or 30.0.0.

Workarounds
No workarounds available

References
Reporter: Bundesamt für Sicherheit in der Informationstechnik (BSI)
Pull Request: Reported by BSI

Additional Information
Issues or Comments: Create a post in nextcloud/security-advisories or contact portal.nextcloud.com to open a support ticket.

CVE ID
CVE-2024-52521

Weakness
CWE-328
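
The failure mode in the Impact description, as an added example that is not Nextcloud's code: a job list that decides "already queued" from a digest of the job argument skips a distinct job whenever two arguments share a digest. The names DemoJobList, DemoJob and fileId are hypothetical, and the 8-bit digest is a constructed stand-in that collides quickly; it models the skipped-job effect and is not an MD5 collision.

```php
<?php
declare(strict_types=1);

// Added illustration, not Nextcloud's code: an in-memory job list that treats
// a job as "already queued" when class + digest(JSON argument) was seen before.
final class DemoJobList
{
    /** @var array<string, true> uniqueness keys of queued jobs */
    private array $seen = [];

    public function __construct(private \Closure $digest) {}

    /** Returns true if the job was queued, false if it was skipped as a duplicate. */
    public function add(string $class, mixed $argument): bool
    {
        $json = json_encode($argument, JSON_THROW_ON_ERROR);
        $key = $class . ':' . ($this->digest)($json);
        if (isset($this->seen[$key])) {
            return false; // digest match is trusted; the argument itself is never compared
        }
        $this->seen[$key] = true;
        return true;
    }
}

// Constructed stand-in for a weak digest: 8 bits of MD5, so two different
// arguments collide within a few hundred tries. It models the failure mode only.
$weak = fn (string $s): string => substr(hash('md5', $s), 0, 2);
$sha256 = fn (string $s): string => hash('sha256', $s);

// Find two distinct constructed arguments whose weak digests collide.
$byDigest = [];
$pair = null;
for ($i = 0; $pair === null; $i++) {
    $arg = ['fileId' => $i]; // hypothetical job argument
    $d = $weak(json_encode($arg, JSON_THROW_ON_ERROR));
    if (isset($byDigest[$d])) {
        $pair = [$byDigest[$d], $arg];
    }
    $byDigest[$d] = $arg;
}

// Queue the same two jobs under each digest and report which were accepted.
foreach (['weak digest' => $weak, 'SHA-256' => $sha256] as $name => $digest) {
    $list = new DemoJobList($digest);
    $first = $list->add('DemoJob', $pair[0]);
    $second = $list->add('DemoJob', $pair[1]);
    printf("%-12s first queued: %s, second queued: %s\n", $name,
        var_export($first, true), var_export($second, true));
}
```

With the weak digest the second job is reported as not queued even though its argument differs; with SHA-256 both jobs are queued.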