MEDIUM
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
Weakness: Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Published: 2020-01-28
Community Advisory
This section is open source, for any additional information that enhances or clarifies the official advisory above.
CVE-2020-8293 Exploits
Exploits for CVE-2020-8293 are not publicly available.
Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).
Bug Bounty
Nextcloud: Potential DDoS when posting long data into workflow validation rules
submitted by demonia 4 months ago
publicly disclosed about 1 month ago