High-Risk Vulnerability in ownCloud App Threatens Exposure of Administrator Credentials


The open-source file-sharing project ownCloud has published advisories for three critical security vulnerabilities. The most severe of them, if exploited, discloses sensitive configuration data including the administrator password and mail server credentials; the other two allow unauthenticated access to users' files and the hijacking of OAuth2 callbacks.

ownCloud, a popular open-source file synchronization and sharing solution, is widely used across many sectors. It is a preferred choice for businesses, educational institutions, government agencies, and privacy-focused individuals who want a self-hosted platform to manage and share files while keeping control over their data. The project reports over 200,000 installations, 600 enterprise customers, and a user base of 200 million.

The software bundles a number of apps and third-party libraries that together provide its cloud storage functionality, and one of the flaws described below originates in such a bundled dependency rather than in ownCloud's own code.

Critical Security Risks Identified

The ownCloud development team has released three security bulletins this week, each describing a vulnerability in a different component that poses a serious threat to the confidentiality and integrity of the system.

Credential Disclosure in the graphapi App (CVE-2023-49103): This vulnerability scores the maximum of 10.0 on the CVSS v3 scale and primarily affects containerized deployments. The graphapi app, in versions 0.2.0 through 0.3.0, depends on a third-party library that ships a test file which, when requested over the web, calls PHP's phpinfo() and prints the web server's configuration, including all of its environment variables. In Docker-based deployments those variables hold the ownCloud admin password, the mail server credentials and other secrets, so an unauthenticated attacker can read them directly. The advisory's remedy is to delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php, to disable the phpinfo function in Docker containers, and to change every credential that could have been exposed: the ownCloud admin password, mail server and database credentials, and any object-store or S3 access keys. Two caveats from the advisory matter in practice: merely disabling the graphapi app does not remove the exposure, because the file is still served, and even on non-containerized installs phpinfo() reveals configuration details that are useful to an attacker, so the file should be removed everywhere.
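As an added example (not code from ownCloud or from its advisory), the following POSIX shell functions audit an install for the graphapi exposure and apply the file-level parts of the remedy: they check for and remove the leaking test file, verify that phpinfo is listed in php.ini's disable_functions, and list the environment variable names that phpinfo() would have printed and that look like secrets, as a reminder of what to rotate. The file path is the one named in ownCloud's advisory; the ownCloud root directory, the php.ini path and the sample env output shown in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example, not ownCloud's own tooling: audit and remediate the
# CVE-2023-49103 phpinfo exposure in a self-hosted ownCloud install.
# The relative path below is the one ownCloud's advisory names.
GRAPHAPI_LEAK='apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php'

# check_graphapi <owncloud_root>
# Returns 0 if the leaking file is absent, 1 if it is still present.
check_graphapi() {
    f="$1/$GRAPHAPI_LEAK"
    if [ -f "$f" ]; then
        echo "VULNERABLE: $f is present and served by the webserver"
        return 1
    fi
    echo "OK: $GRAPHAPI_LEAK not present"
    return 0
}

# remove_graphapi_leak <owncloud_root>
# Deletes the file (idempotent) and re-runs the check; returns 0 once it is gone.
remove_graphapi_leak() {
    rm -f "$1/$GRAPHAPI_LEAK"
    check_graphapi "$1"
}

# phpinfo_disabled <php.ini>
# Returns 0 if an uncommented disable_functions line lists phpinfo as one
# complete item (a name such as phpinfo_helper does not count), 1 otherwise.
phpinfo_disabled() {
    grep -Eq '^[[:space:]]*disable_functions[[:space:]]*=(.*[,[:space:]])?phpinfo([,[:space:]]|$)' "$1"
}

# exposed_secret_names
# Reads `env` output on stdin (for a container: docker exec <ctr> env) and
# prints, sorted, the variable names that look like credentials. Everything
# phpinfo() printed includes these values, so each of them needs rotating.
exposed_secret_names() {
    grep -E '^[A-Za-z0-9_]*(PASS|SECRET|KEY|TOKEN)[A-Za-z0-9_]*=' | cut -d= -f1 | sort
}

# Usage (paths are examples, assumed for illustration):
#   sh audit.sh /var/www/owncloud /etc/php/8.1/fpm/php.ini
#   docker exec owncloud env | sh -c '. ./audit.sh; exposed_secret_names'
if [ "$#" -ge 1 ]; then
    check_graphapi "$1"
    if [ "$#" -ge 2 ]; then
        if phpinfo_disabled "$2"; then
            echo "OK: phpinfo is in disable_functions in $2"
        else
            echo "WARN: phpinfo is not disabled in $2"
        fi
    fi
fi
```

Run the check before and after deleting the file, and keep it in a post-upgrade hook: a package or container rebuild that reinstalls the graphapi vendor directory would bring the file back, and the advisory is explicit that disabling the app alone does not help.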

WebDAV Authentication Bypass via Pre-Signed URLs (CVSS v3: 9.8): This flaw affects ownCloud core versions 10.6.0 through 10.13.0. The WebDAV API accepts pre-signed URLs, and an attacker who knows a victim's username can use one to access, modify, or delete any of that user's files without authenticating, provided the victim has no signing key configured, which is the default state. The fix is to reject pre-signed URLs for any user who has no signing key configured.

Subdomain Validation Bypass in the oauth2 App (CVSS v3: 9.0): Affecting all versions of the oauth2 app below 0.6.1, this vulnerability lets an attacker supply a crafted redirect URL that passes the app's subdomain validation, so the authorization callback, and the code it carries, is sent to a domain under the attacker's control. The fix hardens the validation code in the oauth2 app; until it is applied, the "Allow Subdomains" option can be disabled as a temporary workaround.

Immediate Action Required

These vulnerabilities seriously compromise the security and integrity of an ownCloud environment, with risks ranging from credential and data theft to phishing through hijacked OAuth2 flows. The growing focus of ransomware groups on file-sharing platforms underscores the urgency. ownCloud administrators should promptly apply the recommended fixes, update the affected core and apps, and, for the graphapi issue, rotate every credential that may have been exposed.
