Last updated 15 months ago
Facepalm: ownCloud is an open-source software package for sharing and syncing files in distributed and federated enterprise environments. The tool provides collaboration and file-sharing services, but a recently disclosed vulnerability has extended its "sharing" capabilities in an unintended way, exposing sensitive information.
This past week, ownCloud publicly disclosed a critical vulnerability in the "graphapi" app. The flaw is tracked as CVE-2023-49103 and carries the maximum CVSS score of 10. A week later, security researchers have begun to observe what may amount to "mass" exploitation of this extremely dangerous bug.
According to ownCloud's official advisory, CVE-2023-49103 stems from a third-party library bundled with the graphapi app, which ships a file named GetPhpInfo.php. That file provides a URL that, when requested, returns the configuration details of the PHP environment (the output of phpinfo()). The returned data also includes all of the webserver's environment variables, ownCloud said.
The problem is most acute in containerized deployments of ownCloud, where the environment variables disclosed by GetPhpInfo.php "may include" sensitive data such as the admin password, mail server credentials, database credentials, and license keys. Simply disabling the graphapi app does not remove the vulnerability, because the flawed library still serves the secret-disclosing URL, according to ownCloud.
Aside from disclosing server secrets, the exposed phpinfo output can reveal other potentially sensitive configuration details that an attacker could use to gather further information about the system. Even if ownCloud is not running in a container, the advisory warns, server admins should still be concerned about the vulnerability's consequences.
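To make concrete what the leak described above looks like from the responder's side, here is an added example (not code from ownCloud or from the advisory) that triages one captured phpinfo() response: it confirms the body is phpinfo output, pulls the rows of the "Environment" table, flags names that look like credentials, and produces a redacted copy that can be pasted into an incident ticket without re-leaking the values. The HTML sample is constructed to phpinfo()'s row layout (`<td class="e">NAME</td><td class="v">VALUE</td>`); the variable names and values in it are placeholders, not real ownCloud settings.

```python
"""Triage a captured phpinfo() page for leaked secrets (added example, not ownCloud's code)."""
import html
import re

# Constructed sample in phpinfo()'s HTML layout; names and values are placeholders.
SAMPLE_PHPINFO = """<html><head><title>PHP 8.1.2 - phpinfo()</title></head><body>
<h1 class="p">PHP Version 8.1.2</h1>
<h2>Environment</h2>
<table>
<tr class="h"><th>Variable</th><th>Value</th></tr>
<tr><td class="e">PATH </td><td class="v">/usr/local/sbin:/usr/local/bin </td></tr>
<tr><td class="e">OWNCLOUD_ADMIN_USERNAME </td><td class="v">admin </td></tr>
<tr><td class="e">OWNCLOUD_ADMIN_PASSWORD </td><td class="v">correct-horse-battery </td></tr>
<tr><td class="e">OWNCLOUD_DB_PASSWORD </td><td class="v">db-s3cret </td></tr>
<tr><td class="e">OWNCLOUD_LICENSE_KEY </td><td class="v">OC-ENT-XXXX-XXXX </td></tr>
<tr><td class="e">SMTP_PASSWORD </td><td class="v">mail-p4ss </td></tr>
<tr><td class="e">HOSTNAME </td><td class="v">oc-app-1 </td></tr>
</table>
<h2>PHP Variables</h2>
<table>
<tr><td class="e">$_SERVER['SERVER_SOFTWARE']</td><td class="v">Apache/2.4.54 </td></tr>
</table>
</body></html>"""

# The Environment section runs from its <h2> to the next <h2> (or end of body).
SECTION = re.compile(r"<h2>Environment</h2>(.*?)(?=<h2>|</body>)", re.S)
# One variable per row: a name cell (class "e") followed by a value cell (class "v").
ROW = re.compile(r'<td class="e">(.*?)</td>\s*<td class="v">(.*?)</td>', re.S)
# Name patterns that usually hold credentials; tune for your environment.
SENSITIVE = re.compile(
    r"PASS(WORD|WD)?|SECRET|TOKEN|(API|LICENSE|LICENCE|PRIVATE|ACCESS)[_-]?KEY|CREDENTIAL",
    re.I,
)


def looks_like_phpinfo(body: str) -> bool:
    """phpinfo() output titles itself 'phpinfo()' and opens with a 'PHP Version' heading."""
    return "phpinfo()" in body or "PHP Version" in body


def parse_environment(body: str) -> dict:
    """Return NAME -> VALUE for the Environment section, or {} if there is none."""
    m = SECTION.search(body)
    if not m:
        return {}
    return {
        html.unescape(name).strip(): html.unescape(value).strip()
        for name, value in ROW.findall(m.group(1))
    }


def sensitive_names(env: dict) -> list:
    """Variable names whose spelling suggests a credential, in page order."""
    return [name for name in env if SENSITIVE.search(name)]


def redact(env: dict) -> dict:
    """Copy of env with credential-looking values masked, so the report itself does not leak."""
    flagged = set(sensitive_names(env))
    return {k: ("***" if k in flagged else v) for k, v in env.items()}


def triage(body: str) -> dict:
    """Summarize one HTTP response body fetched from the suspected endpoint."""
    is_phpinfo = looks_like_phpinfo(body)
    env = parse_environment(body) if is_phpinfo else {}
    secrets = sensitive_names(env)
    return {
        "is_phpinfo": is_phpinfo,
        "env_count": len(env),
        "secrets": secrets,          # names only; values stay out of the summary
        "rotate_now": bool(secrets), # any hit means those credentials are burned
        "redacted_env": redact(env),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_PHPINFO)
    print(f"phpinfo page: {result['is_phpinfo']}, env vars: {result['env_count']}")
    for name in result["secrets"]:
        print(f"  LEAKED: {name}")
```

Run it against a saved response from your own instance, or against a webserver log's captured body if you have one. Every name it flags is a credential that must be treated as compromised, which is why the summary carries names rather than values: the whole point of the exercise is to decide what to rotate, not to copy the secrets somewhere else.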
According to security firm GreyNoise, CVE-2023-49103 is now being actively exploited by criminals. Researchers describe "mass exploitation" of the flaw in the wild, which they detected as early as November 25, 2023. Attackers are after passwords, mail server credentials, and license keys, which the vulnerable endpoint hands to anyone who asks.
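If you run ownCloud, the first question after reading a report like GreyNoise's is whether your own instance has already been probed. The following added example (not code from ownCloud or GreyNoise) scans webserver access logs in the common combined format for requests to GetPhpInfo.php, URL-decodes the path so that encoded variants are not missed, and separates probes that were answered with HTTP 200 (the file was present and served) from those that were not. The log lines are constructed; the directory part of the probed path in them is an assumption about where the library sits under the app, which is why the matcher keys on the file name alone. One of the constructed lines appends an extra segment after the file name, as a scanner might, to show that the match still fires.

```python
"""Find CVE-2023-49103 probes in access logs (added example, not ownCloud's or GreyNoise's code)."""
import re
from urllib.parse import unquote

# Combined log format: ip ident user [ts] "METHOD path PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Match on the file name only; the directory it lives in is not asserted here.
PHPINFO_FILE = re.compile(r"getphpinfo\.php", re.I)

# Constructed sample; IPs are documentation ranges and the directory is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Nov/2023:03:14:07 +0000] "GET /login HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.23 - - [25/Nov/2023:03:15:41 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 78210 "-" "python-requests/2.31"
198.51.100.23 - - [25/Nov/2023:03:15:42 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/.css HTTP/1.1" 200 78210 "-" "python-requests/2.31"
192.0.2.99 - - [25/Nov/2023:03:16:02 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo%2Ephp HTTP/1.1" 404 512 "-" "curl/8.4.0"
203.0.113.7 - - [25/Nov/2023:03:17:30 +0000] "PROPFIND /remote.php/dav/files/alice/ HTTP/1.1" 207 1290 "-" "mirall/4.2"
"""


def parse_access_log_line(line: str):
    """Parse one combined-format line; return None for anything that does not fit."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = unquote(rec["path"])  # %2E and friends become plain characters
    return rec


def find_phpinfo_probes(lines) -> list:
    """All parsed requests whose decoded path names the phpinfo file."""
    probes = []
    for line in lines:
        rec = parse_access_log_line(line)
        if rec and PHPINFO_FILE.search(rec["path"]):
            probes.append(rec)
    return probes


def summarize(probes) -> dict:
    """Who probed, how often, and whether the server actually served the file."""
    served = [p for p in probes if p["status"] == 200]
    return {
        "probes": len(probes),
        "sources": sorted({p["ip"] for p in probes}),
        "served_ok": len(served),
        # A 200 from this path means the file was still on disk; treat secrets as leaked.
        "likely_exposed": bool(served),
    }


if __name__ == "__main__":
    found = find_phpinfo_probes(SAMPLE_LOG.splitlines())
    report = summarize(found)
    print(f"{report['probes']} probes from {report['sources']}, "
          f"{report['served_ok']} served with 200, exposed={report['likely_exposed']}")
```

A 404 on the probed path is good news only if the file is really gone; a 200 with a body in the tens of kilobytes is the signature of a full phpinfo() dump, and every secret in that container's environment should be rotated from that timestamp onward. Note that disabling the graphapi app does not change this outcome, since the file is served regardless of the app's state.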
While the company is working on "various hardenings" in future core releases to prevent similar vulnerabilities, ownCloud has advised customers to delete the offending GetPhpInfo.php file from their servers. In addition, the phpinfo function has been disabled in the containers the German company ships directly to its enterprise customers.
Further advice from ownCloud includes a global reset of server "secrets," including passwords, credentials, and access keys. Beyond CVE-2023-49103, GreyNoise notes that ownCloud recently disclosed two more critical vulnerabilities: an authentication bypass with a CVSS score of 9.8 (CVE-2023-49105) and a serious flaw in the oauth2 app (CVE-2023-49104).