CVE-2020-8279

Summary

Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud SocialAffects <0.4.0affected
n/aNextcloud SocialFixed in 0.4.0affected

Weaknesses

  • CWE-295: Improper Certificate Validation (CWE-295)

ADP Enrichment

CVE Program Container

Additional References

References