7.5 / 10

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.

Weakness: Uncontrolled Resource Consumption

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Published: 2020-01-28

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-8295 Exploits

Exploits for CVE-2020-8295 are not publicly available.

Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).

Bug Bounty

Nextcloud: Denial of Service by requesting to reset a password

submitted by makerlab 11 months ago
publicly disclosed about 1 month ago

Official CVE References

View references (2)