Critical ownCloud flaw under attack (CVE-2023-49103)
Attackers are trying to exploit a critical information disclosure vulnerability in ownCloud, a popular file sharing and collaboration platform used in enterprise settings.
GreyNoise and SANS ISC say attempts were first spotted over the weekend, though Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, noted that attacks against ownCloud are not rare, and "Many of them are likely just attempting to find instances of ownCloud to exploit old vulnerabilities or attempt weak passwords."
OwnCloud developers disclosed CVE-2023-49103 and two other critical flaws affecting the ownCloud solution at the beginning of last week, after making fixes available.
CVE-2023-49103 - the most critical of the three and the one that's being actively targeted - is in the solution's Graph API app, and may allow attackers to gain access to sensitive data.
For CVE-2023-49103, the remediation steps include deleting the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo and changing the ownCloud admin password, mail server and database credentials, and the Object-Store/S3 access key.
"It's important to emphasize that simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern," the company said, and added that Docker containers from before February 2023 are not vulnerable to credential disclosure.
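One way to check web server access logs for requests to the file named above, as an added example that is not from the article or from ownCloud. It assumes Combined Log Format and that the install prefix in front of apps/ differs between deployments; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Path of the file named in the article, without the install prefix
# (assumption: the prefix differs between deployments). Lowercased for matching.
MARKER = "apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Return the request path decoded, slash-collapsed and lowercased."""
    path = target.split("?", 1)[0]
    for _ in range(2):          # second pass catches double percent-encoding
        path = unquote(path)
    return re.sub(r"/{2,}", "/", path).lower()

def find_probes(lines):
    """Return one record per request that targets the GetPhpInfo test file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:           # skip lines that are not in the expected format
            continue
        if MARKER in normalize(m["target"]):
            status = int(m["status"])
            # served=True: the server answered 200, so the file was reachable
            hits.append({"ip": m["ip"], "time": m["time"],
                         "status": status, "served": status == 200})
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Nov/2023:04:12:09 +0000] "GET /owncloud/apps/graphapi/'
    'vendor/microsoft/microsoft-graph/tests/GetPhpInfo HTTP/1.1" 200 81234 "-" "-"',
    '198.51.100.23 - - [27/Nov/2023:04:15:41 +0000] "GET //apps/graphapi/vendor/'
    'microsoft/microsoft%2Dgraph/tests/GetPhpInfo HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.10 - - [27/Nov/2023:04:16:02 +0000] "GET /owncloud/status.php '
    'HTTP/1.1" 200 154 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

A record with served set to True means the file was still present and answered the request, which is the case the credential changes listed above are meant for.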
News URL
https://www.helpnetsecurity.com/2023/11/28/cve-2023-49103/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-21 | CVE-2023-49103 | Unspecified vulnerability in Owncloud Graph API 0.2.0/0.3.0. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. | 7.5 |