top of page
  • Clipeus

OwnCloud Vulnerabilities Exploited In The Wild

Greynoise reports that CVE-2023-49103, a graphapi vulnerability affecting the ownCloud open-source storage solution, is actively being exploited in the wild. According to intelligence provided by Greynoise, these events commenced on November 25, 2023, just a few days after ownCloud disclosed the vulnerability, along with two other critical ones (for full context, refer to the post Clipeus Intelligence published last week).


Remediation

OwnCloud recommends the following actions:

  • Deletion of the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php

  • Disabling the phpinfo function in docker-containers

  • Changing secrets such as: ownCloud admin password, mail server credentials, database credentials, object-Store/S3 access-key.


댓글


댓글 작성이 차단되었습니다.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page