5.3
CVE-2020-8228
- EPSS 0.45%
- Veröffentlicht 05.10.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:38:32
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginA missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Preferred Providers Version1.7.0
Opensuse ≫ Backports Sle Version15.0 Updatesp1
Opensuse ≫ Backports Sle Version15.0 Updatesp2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.629 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.