Information Disclosure in ownCloud GraphAPI App
CVE-2023-49103

10CRITICAL

Key Information:

Vendor: Owncloud
Status: Graph Api
Vendor: CVE Published:; 21 November 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%🦅 CISA Reported📰 News Worthy

Summary

A vulnerability in the ownCloud GraphAPI app allows the exposure of sensitive configuration details through a third-party library. When the GetPhpInfo.php URL is accessed, it discloses crucial environment variables, including sensitive credentials such as admin passwords and mail server details. Even though simply disabling the GraphAPI app does not resolve the security risk, the issue poses a significant threat in both containerized and non-containerized environments. It's essential for administrators to assess their systems, especially those using Docker containers created before February 2023, as this could lead to unauthorized access to crucial information.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-49103
Created by creacitysec

OwnCloud-CVE-2023-49103
Created by merlin-ke

News Articles

Rapid7

CVE-2024-0204 CVE-2023-49103

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

1 year ago