Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

November 27, 2023 at 11:36AM

Open-source file-sharing software ownCloud has been found to have critical vulnerabilities that could expose sensitive information and allow authentication bypass. The most severe vulnerability affects the graphapi app and reveals important PHP environment details, including sensitive data like admin passwords and license keys. Another vulnerability allows unauthorized access, modification, and deletion of files through pre-signed URLs. A third bug bypasses subdomain validation. Users are advised to change passwords and take other security measures. ownCloud plans to release core updates to address these vulnerabilities in the future.

ownCloud, an open-source file-sharing and collaboration software, is dealing with several critical vulnerabilities. Here are the key takeaways:

1. The graphapi app, which uses a third-party library, has a severe vulnerability that exposes sensitive information and allows authentication bypass. The issue affects versions 0.2.0 to 0.3.0 of the graphapi app. Merely disabling the app does not solve the problem.

Recommendation: Administrators should change the ownCloud admin password, Object-Store/S3 access-key, and credentials for the mail server and database. Additionally, ownCloud has disabled the phpinfo function in its Docker containers and plans to implement further security measures in future releases.

2. Another vulnerability affects the WebDAV API and allows authentication bypass through pre-signed URLs. An attacker can access, modify, or delete files without authentication if they know the victim’s username and the victim has no signing key configured. The bug impacts ownCloud core versions 10.6.0 to 10.13.0.

Recommendation: Mitigate this vulnerability by denying the use of pre-signed URLs when no signing key is configured for the file owner.

3. The oauth2 app has a bug (prior to version 0.6.1) that enables subdomain validation bypass. An attacker can redirect callbacks to a top-level domain (TLD) controlled by them by using a specially crafted redirect-URL.

Recommendation: It is crucial to address this vulnerability in the oauth2 app to prevent subdomain validation bypass.

These vulnerabilities pose significant risks to the security of ownCloud installations. It is essential for administrators to take immediate action by implementing the recommended mitigation strategies.
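The mitigation for the pre-signed URL issue (item 2), sketched as an added example that is not ownCloud's code: it shows one way a missing signing key can become a bypass, and the fail-closed check that prevents it. The HMAC-SHA256 URL scheme, the `SIGNING_KEYS` store, the sample paths and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample key store: "alice" has a signing key, "bob" never had one.
SIGNING_KEYS = {"alice": b"constructed-sample-key-0123456789"}


def sign(key: bytes, method: str, path: str, expires: int) -> str:
    """HMAC-SHA256 over the request parts (assumed scheme, not ownCloud's)."""
    msg = f"{method}\n{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_weak(user, method, path, expires, signature, now=None):
    """Flawed: a missing key silently becomes b"", so no secret protects the URL."""
    now = time.time() if now is None else now
    key = SIGNING_KEYS.get(user, b"")
    expected = sign(key, method, path, expires)
    return expires > now and hmac.compare_digest(expected, signature)


def verify_hardened(user, method, path, expires, signature, now=None):
    """Mitigation from the text: deny pre-signed URLs when the owner has no key."""
    now = time.time() if now is None else now
    key = SIGNING_KEYS.get(user)
    if not key:  # absent or empty key: fail closed before any HMAC is computed
        return False
    if expires <= now:  # expired links are rejected regardless of signature
        return False
    return hmac.compare_digest(sign(key, method, path, expires), signature)


def demo():
    now, exp = 1_700_000_000, 1_700_000_600  # constructed timestamps
    keyless = sign(b"", "GET", "/files/bob/report.pdf", exp)
    valid = sign(SIGNING_KEYS["alice"], "GET", "/files/alice/a.txt", exp)
    bob = ("bob", "GET", "/files/bob/report.pdf", exp, keyless, now)
    alice = ("alice", "GET", "/files/alice/a.txt", exp, valid, now)
    return {
        "weak_accepts_keyless": verify_weak(*bob),
        "hardened_accepts_keyless": verify_hardened(*bob),
        "hardened_accepts_valid": verify_hardened(*alice),
    }


if __name__ == "__main__":
    print(demo())
```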
