CVE-2021-22895
published 2021-06-11CVE-2021-22895: Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register…
medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | nextcloud-desktop | < nextcloud-desktop 3.3.1-1 (bookworm) | nextcloud-desktop 3.3.1-1 (bookworm) |
| nextcloud | desktop | < 3.1.3 | 3.1.3 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM