A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
Weakness: Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
This section is open source, for any additional information that enhances or clarifies the official advisory above.
Exploits for CVE-2020-8293 are not publicly available.
Nextcloud: Potential DDoS when posting long data into workflow validation rules
submitted by demonia 4 months ago
publicly disclosed about 1 month ago