Greynoise reports that CVE-2023-49103, a graphapi vulnerability affecting the ownCloud open-source storage solution, is actively being exploited in the wild. According to intelligence provided by Greynoise, these events commenced on November 25, 2023, just a few days after ownCloud disclosed the vulnerability, along with two other critical ones (for full context, refer to the post Clipeus Intelligence published last week).
Remediation
OwnCloud recommends the following actions:
Deletion of the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php
Disabling the phpinfo function in docker-containers
Changing secrets such as: ownCloud admin password, mail server credentials, database credentials, object-Store/S3 access-key.