overview

Attackers are actively exploiting a critical information disclosure vulnerability (CVE-2023-49103) within ownCloud, a widely used file sharing and collaboration platform, primarily used in enterprise settings.  

Greynoise and SANS ISC have reported an escalation in attack attempts since the weekend. Dr. Johannes Ullrich of SANS Technology Institute stated that while such attacks on ownCloud are not uncommon, many may be attempts to exploit outdated vulnerabilities or weak passwords.  

OwnCloud developers recently disclosed three critical flaws (CVE-2023-49103, CVE-2023-49104, CVE-2023-49105), with CVE-2023-49103 being the most urgent. This vulnerability resides in the Graph API app, allowing attackers to potentially access sensitive data.  

The exploit involves the 'graphapi' app's reliance on a third-party library, which, when accessed, reveals the PHP environment's configuration details, including webserver environment variables. In containerized deployments, this information may expose critical data such as ownCloud admin passwords, mail server credentials, and license keys. Due to the urgency of the vulnerability, ownCloud admins are recommended to take immediate action. Please see Avertium’s recommendations below.  

 

 

avertium's recommendationS

  • ownCloud recommends implementing the appropriate fixes/workarounds and mitigation actions found in ownCloud’s advisories 
  • CVE-2023-49103 
    • ownCloud recommends the deletion of 'owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php,'  
    • disabling the 'phpinfo' function in Docker containers, and  
    • changing potentially exposed secrets. 
  • Note: disabling the graphapi app does not eliminate the vulnerability 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-49103. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • Fusion MXDR for Microsoft combines Avertium's Fusion MXDR approach with Microsoft Security Solutions, creating the first MDR offering that integrates all aspects of security operations into an active and threat-informed XDR solution. Leveraging Microsoft's comprehensive and cost-effective technology, Fusion MXDR for Microsoft delivers a release of cyber energy, encompassing implementation, optimization, ongoing management, and tuning. 

  • Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.  

  • Note: We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 


 

 

SUPPORTING DOCUMENTATION

Disclosure of sensitive credentials and configuration in containerized deployments - ownCloud 

Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com) 

Critical ownCloud flaw under attack (CVE-2023-49103) - Help Net Security 

 

Chat With One of Our Experts




Flash Notice Critical Vulnerability ownCloud Blog