Hackers Exploit Critical Vulnerability in ownCloud
Security experts have urged ownCloud customers to mitigate a critical zero-day vulnerability in its “graphapi” app announced last week, after observing mass exploitation by threat actors.
Security vendor GreyNoise raised the alarm after file server and collaboration platform ownCloud revealed the CVSS 10.0-rated vulnerability on November 21.
“The ‘graphapi’ app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo),” ownCloud said at the time.
“This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key.”
In short, exploitation could allow malicious actors to take full administrative control of servers running ownCloud.
GreyNoise said that threat actors began exploiting the vulnerability en masse as early as November 25.
“Disabling the app does not entirely resolve the issue, and even non-containerized ownCloud instances are at risk. Docker containers before February 2023 are not affected,” it explained.
Customers are urged to take the mitigation measures suggested by ownCloud: delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php.
The company also advised customers to change their ownCloud admin password, mail server credentials, database credentials and object store/S3 access key.
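The two mitigation steps above (delete the exposed test script, then rotate every secret the phpinfo output could have leaked) are easy to verify with a short script. The one below is an added example written for this article, not code from ownCloud or GreyNoise. The file path is the one quoted from the advisory; the ownCloud install root is an assumption you pass in, and the access-log lines used in the demo are constructed. Counting past requests to the path tells a defender whether credential rotation is a precaution or a certainty.

```shell
#!/bin/sh
# Added example (not ownCloud's or GreyNoise's code): check and apply the
# vendor-recommended mitigation, and look for prior access in web-server logs.

# Relative path of the exposed test script, as named in the ownCloud advisory.
GRAPHAPI_PHPINFO="apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"

# check_graphapi_phpinfo <owncloud_root>
# Prints "present" if the exposed script still exists under the install root,
# "absent" otherwise. The install root (e.g. /var/www/owncloud) is an assumption.
check_graphapi_phpinfo() {
    if [ -f "$1/$GRAPHAPI_PHPINFO" ]; then
        echo present
    else
        echo absent
    fi
}

# remove_graphapi_phpinfo <owncloud_root>
# Applies the advisory's mitigation: delete the file. Succeeds only if the
# file is really gone afterwards (a read-only mount would make rm fail quietly).
remove_graphapi_phpinfo() {
    rm -f "$1/$GRAPHAPI_PHPINFO"
    [ ! -e "$1/$GRAPHAPI_PHPINFO" ]
}

# count_phpinfo_hits <access_log>
# Number of requests in an access log that touched the exposed path. Matching on
# the relative path works whether ownCloud is served from / or from /owncloud/.
# A non-zero count means the environment variables should be treated as leaked
# and every credential listed by ownCloud rotated.
count_phpinfo_hits() {
    if [ -r "$1" ]; then
        grep -c -F "$GRAPHAPI_PHPINFO" "$1" || true
    else
        echo 0
    fi
}

# demo: runs the checks against a constructed install tree and a constructed
# access log so the script can be exercised offline.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/$(dirname "$GRAPHAPI_PHPINFO")"
    : > "$root/$GRAPHAPI_PHPINFO"

    # Constructed log lines: two hits on the exposed path, one unrelated request.
    log="$root/access.log"
    cat > "$log" <<EOF
198.51.100.7 - - [25/Nov/2023:10:01:02 +0000] "GET /owncloud/$GRAPHAPI_PHPINFO HTTP/1.1" 200 61234
198.51.100.7 - - [25/Nov/2023:10:01:03 +0000] "GET /owncloud/index.php/login HTTP/1.1" 200 8123
203.0.113.9 - - [25/Nov/2023:11:17:44 +0000] "GET /$GRAPHAPI_PHPINFO HTTP/1.1" 200 61201
EOF

    echo "before: $(check_graphapi_phpinfo "$root")"
    remove_graphapi_phpinfo "$root" && echo "mitigation applied"
    echo "after:  $(check_graphapi_phpinfo "$root")"
    echo "requests to exposed path: $(count_phpinfo_hits "$log")"
    rm -rf "$root"
}

demo
```

Run it against a real deployment as `check_graphapi_phpinfo /var/www/owncloud` and `count_phpinfo_hits /var/log/apache2/access.log` (paths are examples); any hit count above zero should trigger the full credential rotation ownCloud described.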
“This one is concerning because ownCloud is the type of software that home users and small businesses tend to set up and then forget,” explained Bugcrowd founder, Casey Ellis.
“The combination of the impact of this vulnerability and the type of personal/valuable data stored in ownCloud instances provides a wide variety of options for attackers looking to exploit it. I’d be very surprised if we don’t start hearing about ransomed ownCloud instances in the coming days.”
As if that weren’t enough, ownCloud also revealed two additional critical vulnerabilities: an authentication bypass flaw, CVE-2023-49105, with a CVSS score of 9.8, and a subdomain validation bypass flaw, CVE-2023-49104, with a score of 8.7.