10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
81.1%
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.
A brief description of the vulnerabilities is as follows -
βThe βgraphapiβ app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo),β the company said of the first flaw.
βThis information includes all the environment variables of the web server. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key.β
As a fix, ownCloud is recommending to delete the βowncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.phpβ file and disable the βphpinfoβ function. It is also advising users to change secrets like the ownCloud admin password, mail server and database credentials, and Object-Store/S3 access keys.
The second problem makes it possible to access, modify or delete any file sans authentication if the username of the victim is known and the victim has no signing-key configured, which is the default behavior.
Lastly, the third flaw relates to a case of improper access control that allows an attacker to βpass in a specially crafted redirect-url which bypasses the validation code and thus allows the attacker to redirect callbacks to a TLD controlled by the attacker.β
Besides adding hardening measures to the validation code in the oauth2 app, ownCloud has suggested that users disable the βAllow Subdomainsβ option as a workaround.
The disclosure comes as a proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in the CrushFTP solution (CVE-2023-43177) that could be weaponized by an unauthenticated attacker to access files, run arbitrary programs on the host, and acquire plain-text passwords.
The issue, discovered and reported by Converge security researcher Ryan Emmons, has been addressed in CrushFTP version 10.5.2, which was released on August 10, 2023.
βThis vulnerability is critical because it does NOT require any authentication,β CrushFTP noted in an advisory released at the time. βIt can be done anonymously and steal the session of other users and escalate to an administrator user.β
Reports have emerged of active exploitation of CVE-2023-49103, a critical flaw affecting the βgraphapiβ app used in ownCloud that could be exploited to access admin passwords, mail server credentials, and license keys.
Threat intelligence firm GreyNoise said it observed mass exploitation of the flaw in the wild as early as November 25, with SANS Internet Storm Center (ISC) detecting scans originating from five different IP addresses.
βAttacks against ownCloud are not rare,β Johannes B. Ullrich, dean of research at the SANS Technology Institute, said. βMany of them are likely just attempting to find instances of ownCloud to exploit old vulnerabilities or attempt weak passwords.β
Found this article interesting? Follow us on Twitter ο and LinkedIn to read more exclusive content we post.
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
81.1%