Hackers are exploiting ownCloud critical vulnerability in the wild
Recently, a critical alert has been issued for users of ownCloud, an open-source file-sharing software widely used in organizational environments. The maintainers of ownCloud have disclosed three critical security flaws that pose serious risks, including sensitive information disclosure and file modification.
All three vulnerabilities identified in ownCloud are rated critical, and each poses a distinct threat to the integrity and security of the data ownCloud handles:
1. CVE-2023-49103 (CVSS score: 10.0): This is the most severe of the three, with the maximum CVSS score. It affects containerized deployments running graphapi versions from 0.2.0 to 0.3.0. This vulnerability enables attackers to access highly sensitive data, including admin passwords, mail server credentials, and license keys.
2. CVE-2023-49105 (CVSS score: 9.8): This vulnerability affects the WebDAV API and allows authentication bypass using pre-signed URLs in core versions from 10.6.0 to 10.13.0. The ease of exploitation and the high impact make this a critical issue.
3. CVE-2023-49104 (CVSS score: 9.0): This flaw pertains to a subdomain validation bypass in oauth2 versions before 0.6.1. It poses a significant threat to the integrity of the domain validation process.
GreyNoise, a cybersecurity agency, has observed mass exploitation of the CVE-2023-49103 vulnerability as early as November 25, 2023. This observation indicates that malicious actors are actively and aggressively exploiting these vulnerabilities in real-world scenarios, making it a pressing issue for organizations relying on ownCloud for their file-sharing needs.
For organizations utilizing ownCloud, the message is clear and urgent: these vulnerabilities need to be addressed immediately to safeguard sensitive data and maintain operational integrity. The critical nature of these flaws cannot be overstated, and the potential for exploitation necessitates swift and decisive action.
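As a first triage step, the version ranges listed above can be checked against an inventory of installed components. The following is an added example, not code from ownCloud or from the original article; the "- name: version" inventory format and the sample data are assumptions constructed for illustration, and the check cannot tell whether a deployment is containerized.

```python
import re

# Affected ranges exactly as stated in the article:
# (component, CVE, lowest affected or None, upper bound, upper bound inclusive?)
AFFECTED = [
    ("graphapi", "CVE-2023-49103", "0.2.0", "0.3.0", True),
    ("core", "CVE-2023-49105", "10.6.0", "10.13.0", True),
    ("oauth2", "CVE-2023-49104", None, "0.6.1", False),  # "before 0.6.1"
]

def parse_version(text):
    """Turn '10.13.0' into (10, 13, 0); only the first three numeric fields count."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def parse_inventory(text):
    """Parse '- name: version' lines (assumed format) into {name: version}."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*-?\s*([\w-]+)\s*:\s*(\d[\w.\-+]*)\s*$", line)
        if m:  # headers such as 'Enabled:' carry no version and are skipped
            found[m.group(1).lower()] = m.group(2)
    return found

def find_affected(inventory):
    """Return (component, version, cve) for each component inside a stated range."""
    hits = []
    for name, cve, low, high, inclusive in AFFECTED:
        if name not in inventory:
            continue
        v = parse_version(inventory[name])
        above = low is None or v >= parse_version(low)
        below = v <= parse_version(high) if inclusive else v < parse_version(high)
        if above and below:
            hits.append((name, inventory[name], cve))
    return hits

# Constructed sample inventory, not taken from a real system.
SAMPLE = """\
Enabled:
  - core: 10.12.2
  - graphapi: 0.3.0
  - oauth2: 0.6.1
  - files_external: 0.7.1
"""

if __name__ == "__main__":
    for name, version, cve in find_affected(parse_inventory(SAMPLE)):
        print(f"{name} {version}: inside the affected range for {cve}")
```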