A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html | Third Party Advisory |
https://hackerone.com/reports/922470 | Exploit Third Party Advisory |
https://nextcloud.com/security/advisory/?id=NC-SA-2020-033 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-10-05T13:15:23
Updated: 2020-10-10T23:06:24
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8228
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-05T14:15:13.670
Modified: 2020-10-20T18:56:06.573
Link: CVE-2020-8228
JSON object: View
Redhat Information
No data.