Experts warn of critical ownCloud vulnerability being exploited

Jason Macuray
Several security research companies are warning that a recently disclosed vulnerability affecting ownCloud is being exploited by hackers, ramping up the urgency for organizations to address the bug as soon as possible.

Several security research companies are warning that a recently disclosed vulnerability affecting ownCloud is being exploited by hackers, ramping up the urgency for organizations to address the bug as soon as possible.

ownCloud is popular open-source software used to share files, contacts and calendar information. On November 21, the company warned of CVE-2023-49103 — a vulnerability that carries the maximum CVSS severity score of 10 and exposes sensitive information if exploited.

Two organizations — Shadowserver and GreyNoise — warned that the vulnerability is being exploited in attacks.

GreyNoise’s Glenn Thorpe wrote on Monday that the bug affects the “graphapi” app used in ownCloud and allows attackers to access admin passwords, mail server credentials, and license keys.

ownCloud added in its advisory that the bug “exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.”

“Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern,” the company noted.

ownCloud urged customers to delete certain files and said it would “apply various hardenings in future core releases to mitigate similar vulnerabilities.” They also said customers should change their ownCloud admin password, mail server credentials, database credentials and the Object-Store/S3 access-key.

The company disclosed two other vulnerabilities the same day that also had a high CVSS scores of 9.8 and 9 respectively.

Thorpe said they began to see exploitation on November 25 with a large spike in attempts on Sunday and Monday — with at least 12 unique IP addresses targeting the vulnerability. Shadowserver said its own scans have revealed thousands of vulnerable instances in Germany, U.S., France and Russia.

Johannes Ullrich, dean of research at the SANS Technology Institute, echoed those findings but noted that hackers typically target ownCloud in an effort to “find instances of ownCloud to exploit old vulnerabilities or attempt weak passwords.”

The Cybersecurity and Infrastructure Security Agency (CISA) included all three issues in its vulnerability roundup bulletin where they spotlight new bugs experts should be aware of.

BriefsCybercrimeIndustry
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Google network displayed ads on sanctioned websites, report shows

Next Post

Japan’s space agency hit by cyberattack

Related Posts

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks
Omega Balla
Read More