EPSS
Percentile
38.2%
nextcloud-desktop is vulnerable to Improper Certificate Validation. Trusting the server to return a users keypair certificate, allows a malicious server to encrypt user files with a key known to the attacker causing improper certificate validation.
github.com/nextcloud/desktop/pull/4949
github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534
hackerone.com/reports/1679267
security-tracker.debian.org/tracker/CVE-2023-29000