EPSS
Percentile
20.4%
nextcloud-desktop is vulnerable to improper certificate validation. The vulnerability exists due to man in the middle attacks in invalid TLS certificates which allows an attacker to take control of a machine between the client and the server.
http:
github.com/nextcloud/desktop/issues/4927
github.com/nextcloud/desktop/pull/5022
github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
hackerone.com/reports/1699740