nextcloud-client

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Nextcloud desktop client
Version	2:3.14.3-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2025	3.1.2-1	3.1.3-1	Medium	Fixed
AVG-1810	3.1.2-1	3.1.3-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-22895	AVG-2025	Medium	Yes	Certificate verification bypass	Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
CVE-2021-22879	AVG-1810	Medium	Yes	Arbitrary code execution	Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required.

Issue

Group

Severity

Remote

Type

Description

CVE-2021-22895

AVG-2025

Medium

Yes

Certificate verification bypass

Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.

CVE-2021-22879

AVG-1810

Medium

Yes

Arbitrary code execution

Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required.