Nextcloud: Missing rate limiting on password reset functionality allows to send lot of emails

A missing rate limiting on password reset functionality in Nextcloud allowed an attacker to send a large number of emails, potentially resulting in financial loss and service disruption. The vulnerability was exploited using the IP rotate extension of Burp Suite. The issue was resolved by adding ...