5.3
CVE-2020-8228
- EPSS 0.45%
- Published 05.10.2020 14:15:13
- Last modified 21.11.2024 05:38:32
- Source support@hackerone.com
- Teams watchlist Login
- Open Login
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
Data is provided by the National Vulnerability Database (NVD)
Nextcloud ≫ Preferred Providers Version1.7.0
Opensuse ≫ Backports Sle Version15.0 Updatesp1
Opensuse ≫ Backports Sle Version15.0 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.629 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.