vulnerability
SUSE: CVE-2022-39334: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:N/I:C/A:N) | Nov 25, 2022 | Apr 13, 2023 | Jan 28, 2025 |
Severity
4
CVSS
(AV:L/AC:M/Au:S/C:N/I:C/A:N)
Published
Nov 25, 2022
Added
Apr 13, 2023
Modified
Jan 28, 2025
Description
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.
Solution(s)
suse-upgrade-caja-extension-nextcloudsuse-upgrade-cloudproviders-extension-nextcloudsuse-upgrade-libnextcloudsync-develsuse-upgrade-libnextcloudsync0suse-upgrade-nautilus-extension-nextcloudsuse-upgrade-nemo-extension-nextcloudsuse-upgrade-nextcloud-desktopsuse-upgrade-nextcloud-desktop-docsuse-upgrade-nextcloud-desktop-dolphinsuse-upgrade-nextcloud-desktop-lang
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.