Improper Certificate Validation in Nextcloud Desktop Client
CVE-2021-22895

5.9MEDIUM

Key Information:

Vendor

Nextcloud
Status
Nextcloud Desktop Client
Vendor
CVE Published:
11 June 2021

What is CVE-2021-22895?

The Nextcloud Desktop Client prior to version 3.3.1 is susceptible to a vulnerability that stems from improper SSL certificate verification. This issue occurs during the 'Register with a Provider' process, potentially allowing attackers to intercept communications by presenting fraudulent SSL certificates. Users are recommended to upgrade to the latest version to mitigate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nextcloud Desktop Client Fixed in 3.3.1

References

https://hackerone.com/reports/903424
x_refsource_MISC
https://github.com/nextcloud/desktop/pull/2926
x_refsource_MISC
https://github.com/nextcloud/desktop/releases/tag/v3.1.3
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.