5.9
CVE-2021-22895
- EPSS 0.36%
- Published 11.06.2021 16:15:10
- Last modified 21.11.2024 05:50:51
- Source support@hackerone.com
SSL certificate was not validated in Provider Registration Flow
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
Possible mitigation
Nextcloud Desktop Client: None.
Data provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version 10.0
Debian ≫ Debian Linux Version 11.0
Further vulnerability information
System: Nextcloud App ≫ Product: Nextcloud Desktop Client, Version: < 3.1.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.579 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.