CVE-2020-8295
HIGHNextcloud Server < 20.0.0 - Denial of Service via Password Reset
Title source: llmDescription
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/812754
Vendor Advisory x_refsource_misc
https://nextcloud.com/security/advisory/?id=NC-SA-2021-003
Scores
CVSS v3
7.5
EPSS
0.0051
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
nextcloud/nextcloud_server
< 20.0.0
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026