CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.

Published: Jan 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-8293
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud_server	20.0.0	20.0.2
nextcloud / nextcloud_server	19.0.0	19.0.5
nextcloud / nextcloud_server	-	18.0.11

https://hackerone.com/reports/1018146
https://nextcloud.com/security/advisory/?id=NC-SA-2021-001

Vulnerability Database

289,697

CVE-2020-8293