CVE-2020-8228 - A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an

CVE-2020-8228

Summary

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

References

Vulnerable Configurations

cpe:2.3:a:nextcloud:preferred_providers:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:preferred_providers:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	https://hackerone.com/reports/922470 https://nextcloud.com/security/advisory/?id=NC-SA-2020-033
suse	openSUSE-SU-2020:1652

Last major update

20-10-2020 - 18:56

Published

05-10-2020 - 14:15

Last modified

20-10-2020 - 18:56