A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
Weakness: Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
This section is open source, for any additional information that enhances or clarifies the official advisory above.
Exploits for CVE-2020-8295 are not publicly available.
Nextcloud: Denial of Service by requesting to reset a password
submitted by makerlab 11 months ago
publicly disclosed about 1 month ago