Critical ownCloud Vulnerability Exposes Admin Passwords – Actively Exploited by Hackers

OwnCloud, a popular open-source file-sharing application, is grappling with a critical security crisis, as revealed in three security bulletins. The most severe flaw, CVE-2023-49103, scored a maximum CVSS v3 rating of 10, potentially exposing sensitive information, including admin passwords, mail server credentials, and license keys.

The vulnerability stems from the ownCloud component, graphapi 0.2.0 through 0.3.0, relying on a third-party library that inadvertently exposes PHP environment details via a URL. Remediation involves deleting a specific file, disabling the 'phpinfo' function in Docker containers, and updating exposed credentials.

Despite the critical nature of the bug, exploitation requires an uncommon configuration, making successful attacks more challenging. However, threat actors have been actively probing vulnerable ownCloud ports, with GreyNoise tracking 40 unique IPs attempting exploitation within the first week of disclosure.

OwnCloud, which disclosed the vulnerability on November 21, emphasizes the importance of prompt action. It provided fixes in September to customers before public disclosure, demonstrating a commitment to transparency and proactive security measures.

Security research companies, including Shadowserver and GreyNoise, have issued warnings about ongoing exploitation, emphasizing the urgency for organizations to address the vulnerability promptly. The Cybersecurity and Infrastructure Security Agency (CISA) also included the ownCloud vulnerabilities in its bulletin, underscoring the broader significance of these security issues.

Administrators are advised to implement recommended fixes immediately, update libraries, and remain vigilant against potential data breaches, emphasizing the critical need for organizations to prioritize cybersecurity in file-sharing platforms like ownCloud.

Previous
Previous

Agent Tesla Malware Evolves: A Persistent Threat Exploiting Multiple Vectors

Next
Next

Active Exploitation of Critical Security Flaws in F5's BIG-IP Software [ CVE-2023-46747]