Vulnerability Details CVE-2020-8228
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html
- https://hackerone.com/reports/922470
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-033
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html
- https://hackerone.com/reports/922470
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-033
Products affected by CVE-2020-8228
-
cpe:2.3:a:nextcloud:preferred_providers:1.7.0
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2