Hackers began exploiting a critical bug in ownCloud
November 28, 2023
Hackers are exploiting a critical ownCloud vulnerability, tracked as CVE-2023-49103, that exposes admin passwords, mail server credentials, and license keys in containerized deployments.
ownCloud is a popular open source file synchronization and sharing solution for those who want to manage and share their data through their own platform.
On November 21, the software's developers published security bulletins urging ownCloud administrators to immediately implement the recommended mitigations for three vulnerabilities that could lead to data leakage.
Of the three flaws, CVE-2023-49103 received the maximum CVSS severity score of 10.0 because it lets a remote threat actor invoke phpinfo() through a test file shipped with the 'graphapi' app; the resulting output discloses the server's environment variables, including any credentials stored in them.
"In containerized deployments, these environment variables may contain sensitive data such as ownCloud admin password, mail server credentials, and license key," says the ownCloud advisory for CVE-2023-49103.
Additionally, if other services in the same environment reuse those settings and credentials, the same secrets can be used to access them as well, further widening the breach.
Active exploitation continues
Unfortunately, CVE-2023-49103 is not difficult to exploit for data theft, and attackers have already been observed exploiting it in attacks.
Threat monitoring firm Greynoise reported yesterday that exploitation of the flaw is widespread and has been rising since November 25, 2023; Greynoise has tracked 12 unique IP addresses using CVE-2023-49103.
Observed exploitation activity
Shadowserver reports similar observations, warning that it has now identified more than 11,000 vulnerable instances, most of them located in Germany, the US, France and Russia.
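Because the flaw is being exploited in the wild, the first thing an administrator wants to know is whether their own instance has already been probed. The following is an added example, not code from the original article or from the ownCloud project: it scans web server access log lines in the common Apache/nginx combined format for requests to the GetPhpInfo.php test file named in the advisory. The request path is derived from the file-system path the article gives (the file lives under apps/graphapi/... in the web root, so it is assumed to be reachable under that same relative URL); the log lines are constructed sample data. A matching request that returned HTTP 200 means the file was served and phpinfo() output (including environment variables) left the server, so the credentials should be treated as exposed.

```python
import re
from collections import Counter

# Path of the test file the advisory says to delete, lower-cased for matching.
# File-system path is from the advisory; serving it under the same relative
# URL is an assumption about the web root layout.
PROBE_PATH = "graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo.php"

# Apache/nginx "combined" log prefix:
#   client ident authuser [timestamp] "METHOD path PROTOCOL" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)


def scan_access_log(lines):
    """Return one dict per request for the phpinfo test file.

    likely_success is True when the server answered 200, i.e. the file was
    actually served rather than rejected (404/403 after the file was removed).
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if PROBE_PATH not in m.group("path").lower():
            continue
        status = int(m.group("status"))
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "path": m.group("path"),
            "status": status,
            "likely_success": status == 200,
        })
    return hits


def probing_sources(hits):
    """Count probe requests per source IP (useful for blocklists and reporting)."""
    return Counter(h["ip"] for h in hits)


# Constructed sample log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.10 - - [25/Nov/2023:03:14:07 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 81342 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Nov/2023:03:15:22 +0000] "GET /index.php/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [25/Nov/2023:03:16:01 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 196 "-" "curl/8.4.0"',
    '192.0.2.55 - - [26/Nov/2023:11:02:45 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 80977 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for h in found:
        flag = "SERVED - rotate credentials" if h["likely_success"] else "blocked"
        print(f'{h["time"]} {h["ip"]} {h["status"]} {flag}')
    print("sources:", dict(probing_sources(found)))
```

Run it against a real log with `scan_access_log(open("/var/log/apache2/access.log"))`. Note that the check matches the path anywhere in the URL, so it also catches probes that prefix the install directory (the third sample line); a 404 there usually means the file had already been removed when that request arrived.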
Heat map of vulnerable endpoints
Because the flaw is being widely exploited, ownCloud administrators are advised to take urgent measures to eliminate the risk. The recommended fix is to delete "owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php", disable the "phpinfo" function in Docker containers, and rotate every secret that may have been exposed: the ownCloud admin password, mail server and database credentials, and Object-Store/S3 access keys.
It is important to note that disabling the graphapi app does not mitigate the threat, which is equally serious for containerized and non-containerized environments. The only deployments immune to the credential disclosure issue are Docker containers built before February 2023.
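The two technical mitigations above (delete the test file, disable phpinfo) are simple, but it is worth having them in a form that is repeatable across many hosts and that verifies its own result. The following is an added example, not the ownCloud project's own tooling: it removes the test file under a given ownCloud root (path from the advisory) and adds `phpinfo` to PHP's `disable_functions` directive in a php.ini-style file without clobbering entries already listed there. The location of the ini file is whatever the operator passes in; the demo fixture it builds in a temporary directory is constructed for illustration. Credential rotation is deliberately not automated here, since which secrets exist is deployment-specific.

```python
import os
import re
import tempfile
from pathlib import Path

# Test file the advisory tells administrators to delete (relative to the ownCloud root).
PHPINFO_TEST_FILE = Path("apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php")

DISABLE_RE = re.compile(r"^\s*disable_functions\s*=\s*(.*?)\s*$")


def remove_phpinfo_test_file(owncloud_root):
    """Delete the vendored GetPhpInfo.php; return True if a file was removed."""
    target = Path(owncloud_root) / PHPINFO_TEST_FILE
    if target.is_file():
        target.unlink()
        return True
    return False


def disable_phpinfo(ini_path):
    """Ensure 'phpinfo' is in disable_functions, keeping existing entries.

    Commented-out lines (';disable_functions = ...') are ignored; if no active
    directive exists one is appended. Returns the new file contents.
    """
    p = Path(ini_path)
    lines = p.read_text().splitlines() if p.exists() else []
    for i, line in enumerate(lines):
        m = DISABLE_RE.match(line)
        if m:
            funcs = [f.strip() for f in m.group(1).split(",") if f.strip()]
            if "phpinfo" not in funcs:
                funcs.append("phpinfo")
            lines[i] = "disable_functions = " + ",".join(funcs)
            break
    else:
        lines.append("disable_functions = phpinfo")
    contents = "\n".join(lines) + "\n"
    p.write_text(contents)
    return contents


def verify(owncloud_root, ini_path):
    """Report which of the two mitigations are in place on disk."""
    target = Path(owncloud_root) / PHPINFO_TEST_FILE
    p = Path(ini_path)
    disabled = False
    if p.exists():
        for line in p.read_text().splitlines():
            m = DISABLE_RE.match(line)
            if m and "phpinfo" in [f.strip() for f in m.group(1).split(",")]:
                disabled = True
    return {"test_file_removed": not target.exists(), "phpinfo_disabled": disabled}


def run_demo():
    """Build a constructed fixture in a temp dir, apply both mitigations, return results."""
    base = Path(tempfile.mkdtemp(prefix="owncloud-demo-"))
    root = base / "owncloud"
    test_file = root / PHPINFO_TEST_FILE
    test_file.parent.mkdir(parents=True)
    test_file.write_text("<?php phpinfo();\n")          # stand-in for the vendored test file
    ini = base / "php.ini"
    ini.write_text("memory_limit = 512M\n"
                   ";disable_functions = nothing\n"     # commented line must be ignored
                   "disable_functions = exec,system\n")  # existing entries must survive
    before = verify(root, ini)
    removed_first = remove_phpinfo_test_file(root)
    removed_again = remove_phpinfo_test_file(root)      # idempotent: nothing left to remove
    new_ini = disable_phpinfo(ini)
    after = verify(root, ini)
    return {
        "before": before,
        "removed_first": removed_first,
        "removed_again": removed_again,
        "disable_line": next(l for l in new_ini.splitlines() if l.startswith("disable_functions")),
        "after": after,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

On a real host, call `remove_phpinfo_test_file("/var/www/owncloud")` and `disable_phpinfo(<path of the ini file PHP actually loads>)`, then restart PHP-FPM or the web server so the ini change takes effect; `verify()` only checks files on disk, not the running interpreter.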