CVE-2024-52520

Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and...

CVE-2024-52521

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 t...

CVE-2024-52519

CVE-2024-52519 affects Nextcloud Server and Nextcloud Enterprise Server. The issue is that OAuth2 client secrets were stored in a recoverable form, enabling an attacker with access to a database backup and the Nextcloud config file to decrypt them. Public documentation in the provided sources rec...

CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

CVE-2024-52520

The CVE-2024-52520 entries describe a vulnerability in Nextcloud Server where a pre-flighted HEAD request allows the link reference provider to be tricked into downloading larger websites than intended to extract open-graph data. Affected software includes Nextcloud Server and Enterprise Server w...