Update CVE-2022-39334 description

Update description based on user feedback to make the CVE more actionable.
Jonathan Moroney 2023-03-06 14:55:02 -08:00
parent 561cda0b28
commit d141044703
No known key found for this signature in database
GPG Key ID: 3F1697A1388A846C

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability."
"value": "Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server."
}
]
},
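Review bot: The replacement "value" string (the second of the two "value" lines) drops the remediation guidance that the old text carried, "It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1", along with the statement that there are no known workarounds. A reader of the new description learns the scope but not what to do about it. Since the commit message says the goal is to make the CVE more actionable, consider ending the new string with a sentence such as "It is recommended that nextcloudcmd is upgraded to 3.6.1." and keeping the workaround statement if it still holds. The new text also opens with "Nextcloud also ships a CLI utility" now that the sentence introducing Nextcloud desktop has been removed, so "also" has nothing to refer back to. Either keep the introductory sentence or drop "also".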