Vulnerability Information
Vulnerability Title
nextcloudcmd incorrectly trusts bad TLS certificates
Vulnerability Description
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
Improper Certificate Validation
Vulnerability Title
Nextcloud Trust Management Issue Vulnerability
Vulnerability Description
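Nextcloud is an open-source, self-hosted file synchronization and sharing communication application platform from Nextcloud, a German company. Nextcloud desktop versions prior to 3.6.1 contain a trust management issue vulnerability. The vulnerability stems from incorrectly trusting invalid TLS certificates, so a man-in-the-middle attack is possible when a user runs the nextcloudcmd CLI command locally.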
CVSS Information
N/A
Vulnerability Type
N/A