Mail app not verifying TLS host of mail servers (NC-SA-2020-020)

2020-03-2400:00:00

nextcloud.com

0.001 Low

EPSS

Percentile

50.2%

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.

CPENameOperatorVersion
nextcloud maillt1.1.4

CPE	Name	Operator	Version
	nextcloud mail	lt	1.1.4

0.001 Low

EPSS

Percentile

50.2%

Related for NC-SA-2020-020