CVE-2020-8293: Input Validation
First published: Tue Jan 26 2021(Updated: )
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | <18.0.11 | |
| Nextcloud Nextcloud Server | >=19.0.0<19.0.5 | |
| Nextcloud Nextcloud Server | >=20.0.0<20.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/event
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/19.0.0
- version/nextcloud nextcloud server/20.0.0