CVE-2020-8293 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8293 Interim 1 15 2025-02-17T01:35:49Z current 2021-05-30T14:37:57Z 2025-02-17T01:35:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8293 A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RL6T5BYT4RSAM4DNXPXTDKBKHKKNDVHW/ E-Mail link for openSUSE-SU-2021:0262-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IKPTLKOGRYW4NVA4XTNRDXSK534SPTR2/ E-Mail link for openSUSE-SU-2021:0274-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XBA6BUWCG7GXG6XVXJPYJLSFVWJRSYU7/ E-Mail link for openSUSE-SU-2021:1068-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 SUSE Package Hub 15 SP3 openSUSE Leap 15.2 openSUSE Leap 15.3 nextcloud-20.0.11-28.1 nextcloud-20.0.11-bp151.3.15.1 nextcloud-20.0.11-bp152.2.9.1 nextcloud-20.0.11-bp153.2.3.1 nextcloud-20.0.11-lp152.3.9.1 nextcloud-apache-20.0.11-28.1 nextcloud-apache-20.0.11-bp151.3.15.1 nextcloud-apache-20.0.11-bp152.2.9.1 nextcloud-apache-20.0.11-bp153.2.3.1 nextcloud-apache-20.0.11-lp152.3.9.1 nextcloud-20.0.11-28.1 as a component of SUSE Package Hub 12 nextcloud-apache-20.0.11-28.1 as a component of SUSE Package Hub 12 nextcloud-20.0.11-bp151.3.15.1 as a component of SUSE Package Hub 15 SP1 nextcloud-apache-20.0.11-bp151.3.15.1 as a component of SUSE Package Hub 15 SP1 nextcloud-20.0.11-bp152.2.9.1 as a component of SUSE Package Hub 15 SP2 nextcloud-apache-20.0.11-bp152.2.9.1 as a component of SUSE Package Hub 15 SP2 nextcloud-20.0.11-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 nextcloud-apache-20.0.11-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 nextcloud-20.0.11-lp152.3.9.1 as a component of openSUSE Leap 15.2 nextcloud-apache-20.0.11-lp152.3.9.1 as a component of openSUSE Leap 15.2 nextcloud-20.0.11-bp153.2.3.1 as a component of openSUSE Leap 15.3 nextcloud-apache-20.0.11-bp153.2.3.1 as a component of openSUSE Leap 15.3 A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. CVE-2020-8293 SUSE Package Hub 12:nextcloud-20.0.11-28.1 SUSE Package Hub 12:nextcloud-apache-20.0.11-28.1 SUSE Package Hub 15 SP1:nextcloud-20.0.11-bp151.3.15.1 SUSE Package Hub 15 SP1:nextcloud-apache-20.0.11-bp151.3.15.1 SUSE Package Hub 15 SP2:nextcloud-20.0.11-bp152.2.9.1 SUSE Package Hub 15 SP2:nextcloud-apache-20.0.11-bp152.2.9.1 SUSE Package Hub 15 SP3:nextcloud-20.0.11-bp153.2.3.1 SUSE Package Hub 15 SP3:nextcloud-apache-20.0.11-bp153.2.3.1 openSUSE Leap 15.2:nextcloud-20.0.11-lp152.3.9.1 openSUSE Leap 15.2:nextcloud-apache-20.0.11-lp152.3.9.1 openSUSE Leap 15.3:nextcloud-20.0.11-bp153.2.3.1 openSUSE Leap 15.3:nextcloud-apache-20.0.11-bp153.2.3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H