CVE-2020-8293

MEDIUM

Nextcloud Server <20.0.2-18.0.11 - Info Disclosure

Title source: llm
STIX 2.1

Description

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1018146
Broken Link, Vendor Advisory x_refsource_misc
https://nextcloud.com/security/advisory/?id=NC-SA-2021-001

Scores

CVSS v3 6.5
EPSS 0.0063
EPSS Percentile 70.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (1)
nextcloud/nextcloud_server < 18.0.11
Published Jan 26, 2021
Tracked Since Feb 18, 2026