CVE-2022-39334

MEDIUM4.7EPSS 0.07%

Published: 11/25/2022Modified: 4/28/2026

Description

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.

Affected packages (1)

Debian/nextcloud-desktopfrom 0, < 3.1.1-2+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-39334