---

CVE-2021-22895 - log back

CVE-2021-22895 edited at 02 Jun 2021 19:46:34
Description	- Nextcloud Desktop Client before 3.3.1 wasn't verifying the SSL certificates when using the "Register with a Provider" flow. + Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
References	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 https://hackerone.com/reports/903424 + https://github.com/nextcloud/desktop/pull/2919 + https://github.com/nextcloud/desktop/pull/2926 + https://github.com/nextcloud/desktop/commit/142180c0e297ef500daf8328e7ea3020e33a3639

CVE-2021-22895 edited at 01 Jun 2021 20:07:20
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Certificate verification bypass
Description	+ Nextcloud Desktop Client before 3.3.1 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
References	+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 + https://hackerone.com/reports/903424
Notes

CVE-2021-22895 created at 01 Jun 2021 20:06:47