Improper Certificate Validation in Nextcloud Desktop Client

Improper Certificate Validation in Nextcloud Desktop Client

CVE-2021-22895 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.

Learn more about our Cis Benchmark Audit For Desktop Software.