
Critical ownCloud flaw under attack (CVE-2023-49103)
2023-11-28 11:11

Attackers are trying to exploit a critical information disclosure vulnerability in ownCloud, a popular file sharing and collaboration platform used in enterprise settings.

GreyNoise and SANS ISC say attempts were first spotted over the weekend, though Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, noted that attacks against ownCloud are not rare, and "Many of them are likely just attempting to find instances of ownCloud to exploit old vulnerabilities or attempt weak passwords."

OwnCloud developers disclosed CVE-2023-49103 and two other critical flaws affecting the ownCloud solution at the beginning of last week, after making fixes available.

CVE-2023-49103 - the most critical of the three and the one that's being actively targeted - is in the solution's Graph API app, and may allow attackers to gain access to sensitive data.

For CVE-2023-49103, the latter include deleting the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo and changing the ownCloud admin password, the mail server and database credentials, and the Object-Store/S3 access key.

"It's important to emphasize that simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern," the company said, and added that Docker containers from before February 2023 are not vulnerable to credential disclosure.
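
A defender-side check for the mitigation described above, as an added example that is not from the original article or from ownCloud: it looks for the leftover file on disk (which stays in place even when the graphapi app is disabled) and triages web access logs for requests to it. The install path `/var/www/owncloud`, the common/combined access-log format and the sample log lines are assumptions.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Directory and file name from the advisory text quoted above. The page gives
# the name without an extension, so both checks match on the prefix only.
REL_DIR = "apps/graphapi/vendor/microsoft/microsoft-graph/tests"
NAME_PREFIX = "GetPhpInfo"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def leftover_files(owncloud_root):
    """Files still on disk; disabling the graphapi app does not remove them."""
    tests_dir = Path(owncloud_root) / REL_DIR
    if not tests_dir.is_dir():
        return []
    return sorted(p for p in tests_dir.glob(NAME_PREFIX + "*") if p.is_file())

def triage(log_lines):
    """Return (client_ip, status, served) for each request aimed at the file."""
    needle = f"{REL_DIR}/{NAME_PREFIX}".lower()
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = unquote(m.group(2)).lower()  # decode %xx before matching
        if needle in target:
            status = int(m.group(3))
            # A 2xx answer means the page was served: rotate the credentials
            # the advisory lists. 4xx means a probe against a cleaned host.
            hits.append((m.group(1), status, 200 <= status < 300))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Nov/2023:03:12:44 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo HTTP/1.1" 200 81234',
    '198.51.100.7 - - [26/Nov/2023:04:01:02 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft%2Dgraph/tests/GetPhpInfo HTTP/1.1" 404 196',
    '203.0.113.5 - - [26/Nov/2023:04:05:09 +0000] "GET /status.php HTTP/1.1" 200 152',
]

if __name__ == "__main__":
    for ip, status, served in triage(SAMPLE_LOG):
        print(ip, status, "SERVED: rotate credentials" if served else "probe only")
    print(leftover_files("/var/www/owncloud"))  # assumed install path
```

A host with any `served` hit should be treated as having disclosed its configuration, whether or not the file has since been deleted.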


News URL

https://www.helpnetsecurity.com/2023/11/28/cve-2023-49103/

Related Vulnerability

DATE: 2023-11-21
CVE: CVE-2023-49103
VULNERABILITY TITLE: Unspecified vulnerability in Owncloud Graph API 0.2.0/0.3.0. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1.
RISK: network, low complexity, owncloud, 7.5
