Vulnerability Database

317,182

Total vulnerabilities in the database

CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.

Published: Jan 26, 2021
Updated: Nov 16, 2025
CVE: CVE-2020-8293
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud_server	20.0.0	20.0.2
nextcloud / nextcloud_server	19.0.0	19.0.5
nextcloud / nextcloud_server	-	18.0.11

https://hackerone.com/reports/1018146
https://nextcloud.com/security/advisory/?id=NC-SA-2021-001

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo