A critical alert has been issued by the Australian Cyber Security Centre (ACSC) after it discovered a trio of major vulnerabilities in the ownCloud file-sharing platform.
The three vulnerabilities – CVE-2023-49103, CVE-2023-49104 and CVE-2023-49105 – all have the potential to grant a threat actor unauthorised access to a user’s systems.
The vulnerabilities were first discovered when ownCloud published warnings for all three, saying that they could be used to breach customer systems.
CVE-2023-49103 is considered the most severe of the three, with a maximum CVSS severity score of 10, due to the way in which a threat actor could view credentials by executing phpinfo() within the service’s “graphapi” app, allowing them to see the server environment variables.
“The ‘graphapi’ app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo),” wrote ownCloud.
“This information includes all the environment variables of the web server. In containerised deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key.”
While ownCloud has said that deleting the graphapi app won’t solve the issue, it has said that it disabled the phpinfo function within its Docker containers. It has also advised its customers to change credentials such as admin passwords, server details, database credentials and “Object-Store/S3 access-key”.
It has also said that customers should delete the “owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php” file.
The ACSC has added that it has observed cases of CVE-2023-49103 being exploited in the wild. According to Shadowserver, there had been 11,000 instances of exploitation recorded.
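A check an administrator could run against their own server after reading the advisory, added here as an example and not code from ownCloud or the ACSC: it tests whether the file named above is still on disk and scans web access logs for requests that mention it. The combined log format, the sample log lines and the /var/www install root are assumptions.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# File the article says to delete, relative to the directory holding "owncloud/".
VULN_FILE = "owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"

# Assumption: access logs use the common/combined log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Nov/2023:10:01:02 +0000] "GET /index.php/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Nov/2023:10:05:44 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 81234 "-" "curl/8.4.0"',
    '203.0.113.5 - - [27/Nov/2023:11:12:09 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo%2Ephp HTTP/1.1" 404 196 "-" "-"',
]

def file_present(base_dir):
    """True if the test file is still on disk under base_dir."""
    return (Path(base_dir) / VULN_FILE).is_file()

def find_hits(log_lines):
    """Return (ip, timestamp, status) for each request that names GetPhpInfo.php."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, target, status = m.groups()
        # Decode percent-encoding and ignore case so variants still match.
        if "getphpinfo.php" in unquote(target).lower():
            hits.append((ip, when, int(status)))
    return hits

def served(hits):
    """Hits answered with 200, i.e. the file was most likely served."""
    return [h for h in hits if h[2] == 200]

if __name__ == "__main__":
    print("file present:", file_present("/var/www"))  # hypothetical install root
    for ip, when, status in find_hits(SAMPLE_LOG):
        print(f"{when} {ip} -> HTTP {status}")
```

Any hit answered with 200 is a reason to prioritise the credential changes ownCloud recommends, since the environment variables would have been visible in that response.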