ownCloud, an open-source file synchronization and sharing platform, caters to individuals and organizations seeking self-hosted file management solutions. It’s trusted by diverse entities including businesses, educational institutes, government agencies, and privacy-conscious individuals, boasting 200,000 installs, 600 enterprise customers, and 200 million users.

The software consists of multiple libraries and components that work together to provide a range of functionalities for the cloud storage platform.

OwnCloud has disclosed three critical vulnerabilities, the most serious of which leads to sensitive data exposure and carries a maximum severity score.

Description of Vulnerabilities

 Vulnerability 1: Disclosure of Credentials and Configuration (CVE-2023-49103)

Severity: Critical (CVSS v3 score: 10)

Affected Versions: graphapi 0.2.0 to 0.3.0

Issue: Dependency on a third-party library exposes PHP environment details, divulging sensitive data like admin passwords, mail server credentials, and license keys.

Fix: Delete specific file, disable ‘phpinfo’ function in Docker containers, and change exposed secrets.

 

Vulnerability 2: Authentication Bypass (CVE-2023-49105)

Severity: Critical (CVSS v3 score: 9.8)

Affected Versions: ownCloud core library versions 10.6.0 to 10.13.0

Issue: Enables unauthorized file access, modification, or deletion without authentication if the user’s username is known and no signing key is configured.

Solution: Deny pre-signed URL use if no signing key is configured.

 

 Vulnerability 3: Subdomain Validation Bypass (CVE-2023-49104)

Severity: High (CVSS v3 score: 9)

Affected Versions: oauth2 library versions below 0.6.1

Issue: Allows redirection of callbacks to attacker-controlled domains by bypassing validation code using a crafted redirect URL.

Mitigation: Harden validation code in the Oauth2 app and consider disabling the “Allow Subdomains” option temporarily.

 

Impact and Risks

The disclosure of these vulnerabilities significantly jeopardizes ownCloud’s security and data integrity, raising the specter of sensitive information exposure, covert data theft, and potential phishing attacks. File-sharing platforms, like ownCloud, have increasingly become prime targets for cyber threats such as ransomware attacks. This underscores the urgency for ownCloud administrators to take immediate action by applying the recommended fixes and promptly updating libraries. The gravity of these security flaws necessitates swift and comprehensive measures to mitigate potential risks, ensuring the continued resilience of ownCloud against evolving cyber threats.

 

Recommendations for ownCloud Administrators

 Immediate Actions

• Apply Fixes Promptly: Immediately implement recommended fixes provided by ownCloud for each vulnerability to prevent potential exploitation.
• Update Libraries: Perform updates for affected components to mitigate security risks and enhance system integrity.
• Specific Action for Vulnerability 1: Delete the ‘owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php’ file, disable the ‘phpinfo’ function in Docker containers and update potentially exposed secrets like admin passwords and access keys.
• Preventive Measure for Vulnerability 2: ownCloud strongly advises administrators to deny the use of pre-signed URLs if the file owner’s signing key is not configured. This proactive approach is critical in protecting the confidentiality and integrity of data stored within ownCloud, emphasizing the critical need for administrators to apply security patches and updates as soon as possible to avoid any potential exploitation of this high-severity vulnerability.

 

Security Measures

• Regular Security Audits: Conduct routine security audits to identify and address vulnerabilities proactively.
• Access Control Enhancement: Enforce stringent access controls and configurations to limit unauthorized access to files and sensitive data.
• Implement Hardening Measures: Strengthen security measures within the platform, especially around sensitive functionalities, to fortify against potential breaches.

By prioritizing these recommendations, ownCloud administrators can bolster the platform’s security posture and minimize the potential risks posed by the disclosed vulnerabilities. Continual vigilance and proactive measures are key to maintaining the integrity and safety of the ownCloud environment.