CVE-2020-8293Uncontrolled Resource Consumption in Server

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 29.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Server
Timeline
PublishedJan 26
Latest updateMay 24

Description

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDnextcloud/nextcloud_server19.0.019.0.5+2
CVEListV5nextcloud/nextcloud_serverFixed in 20.0.2, 19.0.5, 18.0.11

🔴Vulnerability Details

2
GHSA
GHSA-g8q5-cq4v-2qq7: A missing input validation in Nextcloud Server before 202022-05-24
CVEList
CVE-2020-8293: A missing input validation in Nextcloud Server before 202021-01-26
CVE-2020-8293 — Uncontrolled Resource Consumption | cvebase