Three Critical Vulnerabilities Discovered in ownCloud: Immediate Action Required
ownCloud, a popular open-source file sync and share solution, has been found to harbor three critical vulnerabilities that could expose sensitive user data and compromise system security. These vulnerabilities, tracked as CVE-2023-49103, CVE-2023-49104, and CVE-2023-49105, pose significant risks to individuals and organizations using ownCloud.
Vulnerability Breakdown
- CVE-2023-49103 (CVSS score of 10): Sensitive Credential Disclosure in Containerized Deployments
This vulnerability affects the Graph API extension, which adds a user info endpoint to the ownCloud Server. A flaw in the extension’s reliance on a third-party library exposes the configuration details of the PHP environment, including potentially sensitive data like the ownCloud admin password, mail server credentials, and license key. This vulnerability is particularly concerning in containerized deployments, where these environment variables may be stored alongside the ownCloud container image.
- CVE-2023-49104 (CVSS score of 9.0): Subdomain Validation Bypass in OAuth2 App
The OAuth2 app, used for integrating third-party apps or web services, contains a vulnerability that allows an attacker to bypass the validation code and redirect callbacks to a malicious domain. This could enable the attacker to gain unauthorized access to user data and perform unauthorized actions.
- CVE-2023-49105 (CVSS score of 9.8): WebDAV API Authentication Bypass Using Pre-Signed URLs
This vulnerability affects the WebDAV protocol support in ownCloud. It allows an attacker to access, modify, or delete files without authentication if the victim’s username is known and the victim has no signing key configured (default setting).
Remediation Measures and Recommendations
ownCloud has released patches to address these vulnerabilities, and users are strongly advised to update their systems immediately. Additionally, users should follow these recommendations to further enhance security:
- Change sensitive credentials: Reset the ownCloud admin password, mail server credentials, and database credentials.
- Disable Subdomains option in OAuth2 app: Disable the “Allow Subdomains” option in the OAuth2 app to mitigate the subdomain validation bypass vulnerability.
- Configure signing keys for WebDAV authentication: Configure signing keys for WebDAV users to prevent unauthorized access and data manipulation.
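To make the OAuth2 recommendation concrete, the sketch below shows what a callback check looks like when subdomains are not allowed (exact match against the registered URI) next to a subdomain mode that only matches on a DNS label boundary. It is an added illustration, not ownCloud's OAuth2 app code; the function names, the `allow_subdomains` parameter and the sample URLs are constructed for this example.

```python
from urllib.parse import urlsplit


def _parts(uri):
    """Return (scheme, host, port, path, query), or None if the URI is not a usable callback."""
    try:
        u = urlsplit(uri)
        port = u.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if u.scheme not in ("http", "https") or not u.hostname:
        return None
    # Userinfo ("user@host") and fragments have no place in a redirect URI.
    if u.username is not None or u.password is not None or u.fragment:
        return None
    default_port = 443 if u.scheme == "https" else 80
    host = u.hostname.lower().rstrip(".")
    return (u.scheme, host, port or default_port, u.path or "/", u.query)


def redirect_allowed(registered, requested, allow_subdomains=False):
    """Compare a requested callback with the client's registered redirect URI.

    With allow_subdomains=False (the recommended setting) every component,
    including the host, must match exactly. With allow_subdomains=True the
    host may also be a true subdomain of the registered host.
    """
    reg, req = _parts(registered), _parts(requested)
    if reg is None or req is None:
        return False
    # Scheme, port, path and query must always match exactly.
    if reg[0] != req[0] or reg[2:] != req[2:]:
        return False
    if req[1] == reg[1]:
        return True
    # Match on a label boundary: the leading "." keeps lookalike hosts
    # that merely share a suffix string from passing.
    return allow_subdomains and req[1].endswith("." + reg[1])


if __name__ == "__main__":
    REGISTERED = "https://app.example.com/oauth/callback"  # constructed sample
    for candidate in (
        "https://app.example.com/oauth/callback",
        "https://eu.app.example.com/oauth/callback",
        "https://app.example.com.other.test/oauth/callback",
    ):
        print(candidate, redirect_allowed(REGISTERED, candidate))
```

Exact matching leaves the smallest surface to get wrong, which is why turning the subdomain option off is the safer configuration when it is not needed.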