CVE-2021-22895 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Certificate verification bypass
Description	Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2025	nextcloud-client	3.1.2-1	3.1.3-1	Medium	Fixed

References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 https://hackerone.com/reports/903424 https://github.com/nextcloud/desktop/pull/2919 https://github.com/nextcloud/desktop/pull/2926 https://github.com/nextcloud/desktop/commit/142180c0e297ef500daf8328e7ea3020e33a3639

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5
https://hackerone.com/reports/903424
https://github.com/nextcloud/desktop/pull/2919
https://github.com/nextcloud/desktop/pull/2926
https://github.com/nextcloud/desktop/commit/142180c0e297ef500daf8328e7ea3020e33a3639