VDB

GCVE-110-MAGEIA-2021-421

GCVE-110-MAGEIA-2021-421
Advisory Published
Vulnetix · Advisory published September 23, 2021
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. (CVE-2021-22895) In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0

Affected Products

VendorProductVersionsPlatforms
Mageianextcloud-client0 (affected), 3.3.3-1.mga8 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›