Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw

November 29, 2023 at 02:38PM

Hackers exploit a critical vulnerability in ownCloud, tracked as CVE-2023-49103, compromising admin passwords and sensitive data. With a CVSS score of 10/10, it affects versions 0.2.0 to 0.3.0. Over 11,000 instances are exposed, mostly in Germany, the US, France, and Russia. Patching is vital; disabling the app isn’t enough. Two other critical flaws, CVE-2023-49105 and CVE-2023-49104, also threaten data security. OwnCloud advises immediate updates and password changes.

Meeting Takeaways:

1. **Critical Security Flaw in ownCloud**: Hackers are actively exploiting a severe vulnerability in ownCloud, which is an open-source platform for secure file storage and collaboration.

2. **Flaw Identification**: The flaw is known as CVE-2023-49103 and affects the “graphapi” app in ownCloud. It has been given the maximum severity score of 10 out of 10 on the CVSS scale due to its ease of exploitation.

3. **Exploitation in the Wild**: GreyNoise and The Shadowserver Foundation have observed mass exploitation attempts, noting significant numbers of exposed instances primarily in Germany, the US, France, and Russia.

4. **Vulnerable Versions**: ownCloud versions 0.2.0 to 0.3.0 are vulnerable, with the flaw stemming from a third-party library that leaks PHP environment configurations including admin passwords, mail server credentials, and license keys.

5. **Patching Requirement**: Disabling the affected app is not a sufficient mitigation step – patching is necessary. Docker containers from before February 2023 are not vulnerable to credential disclosure.

6. **Additional Flaws**: Two other critical vulnerabilities, CVE-2023-49105 and CVE-2023-49104, have also been disclosed and affect ownCloud’s authentication and oauth2 app functionalities.

7. **Recommended Actions by ownCloud**:
   - Immediate patching of the affected ownCloud versions to prevent exploitation.
   - Changing all sensitive credentials and keys after patching.
   - Future core releases will include hardening measures to prevent similar vulnerabilities.
   - Addressing the two additional flaws with their respective fixes and configurations.

8. **Overall Recommendation**: Organizations using ownCloud are strongly advised to apply the fixes and recommendations provided by ownCloud immediately to protect against data breaches and unauthorized access.

