November 24, 2023 at 01:20PM
Open-source file sharing software ownCloud has issued warnings about three critical security vulnerabilities. The first flaw exposes administrator passwords and mail server credentials. The second flaw allows unauthorized access to files without authentication. The third flaw bypasses subdomain validation in the OAuth2 library. Users are advised to apply recommended fixes promptly to mitigate risks.
Based on the meeting notes, there are three critical-severity security vulnerabilities in ownCloud, an open-source file sync and sharing solution. These vulnerabilities can expose administrator passwords, mail server credentials, and other sensitive information. The recommended fixes include deleting specific files, disabling certain functions, and changing potentially exposed passwords and credentials. It is important to note that simply disabling the affected app does not eliminate the vulnerability. Administrators of ownCloud are advised to apply the recommended fixes and perform library updates promptly to mitigate these risks.