What are the security concerns reported by security researchers for OwnCloud?

Security researchers have observed active exploitation attempts against a severe vulnerability in OwnCloud's Graph API app, specifically targeting one recently disclosed by the company.

What are the CVSS3 scores of the vulnerabilities found in OwnCloud?

The vulnerabilities disclosed by OwnCloud, identified as CVE-2023-49103, CVE-2023-49105, and CVE-2023-49104, have high severity CVSS3 scores of 10, 9.8, and 8.7 respectively.

Which OwnCloud vulnerability is under active exploitation and what does it affect?

The most severe vulnerability under active exploitation is CVE-2023-49103, affecting OwnCloud's Microsoft Graph API app versions 0.2.0 to 0.3.0, linked to a third-party library that could be exploited to manipulate API-provided URLs.

Has OwnCloud provided any mitigation instructions for the vulnerabilities?

Yes, OwnCloud has issued mitigation instructions for the vulnerabilities, particularly for the critical CVE-2023-49103.

What has the Shadowserver Foundation reported regarding the exploitation of OwnCloud vulnerabilities?

The Shadowserver Foundation has reported on Twitter that it has observed attempts to exploit the CVE-2023-49103 vulnerability in OwnCloud, emphasizing the urgency of applying the mitigations due to the vulnerability's ease of exploitation.

Why is it recommended to patch the vulnerabilities in OwnCloud as soon as possible?

Since OwnCloud is a publicly facing system by its design, it is highly recommended to patch these vulnerabilities promptly to prevent potential security breaches and data exposure.

Attack

OwnCloud critical vulnerabilities already activelly attacked

published: Nov. 27, 2023

Take action: If you missed the advisory and you are using ownCloud, wake up your team and start applying the workarounds immediately. Hackers are already looking for your exposed ownCloud GraphAPI to hack you.

Learn More

Security researchers have noted active exploitation attempts targeting one of the severe vulnerabilities published by OwnCloud last week.

The three vulnerabilities - CVE-2023-49103, CVE-2023-49105 and CVE-2023-49104 are ranked very high on the CVSS3 scale - 10, 9.8 and 8.7 respectivelly.

The most severe vulnerability, CVE-2023-49103,affects versions 0.2.0 to 0.3.0 of OwnCloud's Microsoft Graph API app and is linked to a third-party library that could be exploited to manipulate API-provided URLs. OwnCloud has issued mitigation instructions.

The Shadowserver Foundation, a non-profit security organization, echoed the urgency of mitigating this issue by reporting on Twitter that it had observed attempts to exploit CVE-2023-49103, stressing the ease with which this could be done.

Since OwnCloud is a publicly facing system by it's design, patching as soon as possible is highly recommended.

OwnCloud critical vulnerabilities already activelly attacked

Read More
CISA reports active exploitation of two GeoVision Device …
Hackers are attacking a critical RCE flaw in …
Critical MS Exchange Server vulnerability actively attacked, one …
CISA reports active exploitation of flaw in Palo …
SonicWall confirms active exploitation of two SMA vulnerabilities