Vulnerabilities > Nextcloud > Social

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2020-8279 Improper Certificate Validation vulnerability in Nextcloud Social
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.
network
high complexity
nextcloud CWE-295
7.4
2020-11-19 CVE-2020-8278 Incorrect Authorization vulnerability in Nextcloud Social 0.3.1
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.
network
low complexity
nextcloud CWE-863
5.3