nextcloud-client

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Nextcloud desktop client
Version 2:3.4.1-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2025 3.1.2-1 3.1.3-1 Medium Fixed
AVG-1810 3.1.2-1 3.1.3-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-22895 AVG-2025 Medium Yes Certificate verification bypass
Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
CVE-2021-22879 AVG-1810 Medium Yes Arbitrary code execution
Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required.