CVE-2022-39334
Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability.
Date published : 2022-11-25
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv