6.5 / 10

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.

Weakness: Uncontrolled Resource Consumption

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Published: 2020-01-28

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-8293 Exploits

Exploits for CVE-2020-8293 are not publicly available.

Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).

Bug Bounty

Nextcloud: Potential DDoS when posting long data into workflow validation rules

submitted by demonia 4 months ago
publicly disclosed about 1 month ago

Official CVE References

View references (2)