CVE-2021-22895 log

Source
Severity Medium
Remote Yes
Type Certificate verification bypass
Description
Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
Group Package Affected Fixed Severity Status Ticket
AVG-2025 nextcloud-client 3.1.2-1 3.1.3-1 Medium Fixed
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5
https://hackerone.com/reports/903424
https://github.com/nextcloud/desktop/pull/2919
https://github.com/nextcloud/desktop/pull/2926
https://github.com/nextcloud/desktop/commit/142180c0e297ef500daf8328e7ea3020e33a3639