HIGH
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
Weakness: Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Published: 2020-01-28
Community Advisory
This section is open source, for any additional information that enhances or clarifies the official advisory above.
CVE-2020-8295 Exploits
Exploits for CVE-2020-8295 are not publicly available.
Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).
Bug Bounty
Nextcloud: Denial of Service by requesting to reset a password
submitted by makerlab 11 months ago
publicly disclosed about 1 month ago