A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
nextcloud nextcloud mail
fedoraproject fedora 32