PT-2021-12724 · Nextcloud+2 · Nextcloud Server+2

Published

2020-10-15

·

Updated

2021-07-21

·

CVE-2020-8295

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19
Description: A wrong check in the software allowed for a denial of service attack when resetting the password for a user.
Recommendations: For Nextcloud Server versions prior to 19, update to version 19 or later to resolve the issue.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2020-3060
CVE-2020-8295
OPENSUSE-SU-2021:0262-1
OPENSUSE-SU-2021:0274-1
OPENSUSE-SU-2021:1068-1
OPENSUSE-SU-2021_0262-1
OPENSUSE-SU-2021_1068-1

Affected Products

Alt Linux
Nextcloud Server
Suse