2020-11-19 00:32:22
hackerone
PUBLISHED
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.