6.5

CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudNextcloud Server Version < 18.0.11
NextcloudNextcloud Server Version >= 19.0.0 < 19.0.5
NextcloudNextcloud Server Version >= 20.0.0 < 20.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.72
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://hackerone.com/reports/1018146
Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2021-001
Vendor Advisory
Broken Link