What the vulnerability does

01Description

Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.

Key dates

02Disclosure timeline

November 19, 2020 CVE published
August 4, 2024 Record updated