Upstream information
Description
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4 |
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
| National Vulnerability Database | |
|---|---|
| Base Score | 6.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2021:0262-1, published Tue Feb 16 10:27:50 2021
- openSUSE-SU-2021:0274-1, published Tue Feb 16 10:27:50 2021
- openSUSE-SU-2021:1068-1, published Wed Jul 21 03:40:09 2021
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 12 |
| Patchnames: openSUSE-2021-1068 |
| SUSE Package Hub 15 SP1 |
| Patchnames: openSUSE-2021-1068 |
| SUSE Package Hub 15 SP2 |
| Patchnames: openSUSE-2021-1068 openSUSE-2021-274 |
| SUSE Package Hub 15 SP3 |
| Patchnames: openSUSE-2021-1068 |
| openSUSE Leap 15.2 |
| Patchnames: openSUSE-2021-1068 openSUSE-2021-262 |
| openSUSE Leap 15.3 |
| Patchnames: openSUSE-2021-1068 |
SUSE Timeline for this CVE
CVE page created: Tue Jan 26 23:08:01 2021CVE page last modified: Tue May 23 17:56:51 2023