CVE-2020-8293

{"id": "CVE-2020-8293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-01-26T18:16:08.507", "references": [{"url": "https://hackerone.com/reports/1018146", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-001", "tags": ["Broken Link", "Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules."}, {"lang": "es", "value": "Una falta de comprobaci\u00f3n de la entrada en Nextcloud Server versiones anteriores a 20.0.2, 19.0.5, 18.0.11, permite a usuarios almacenar datos ilimitados en reglas de flujo de trabajo que causan una carga y una potencial DDoS en interacciones posteriores y uso con esas reglas"}], "lastModified": "2022-09-27T15:46:14.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44D57333-C4F0-482B-92CB-91B8095733D0", "versionEndExcluding": "18.0.11"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "901AE378-7B1A-4D32-86FB-01971AAF0F48", "versionEndExcluding": "19.0.5", "versionStartIncluding": "19.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "715B9373-BCF9-4069-8C51-7714648C27E8", "versionEndExcluding": "20.0.2", "versionStartIncluding": "20.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}