ownCloud exploits for CVE-2023-49105
ownCloud exploits for CVE-2023-49105 Refer to the article for details about the bug Provided for educational purposes only
An issue exists in ownCloud owncloud/core prior to 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owncloud owncloud |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Mitigations require mix of updating libraries and manual customer action
ownCloud has disclosed three critical vulnerabilities, the most serious of which leads to sensitive data exposure and carries a maximum severity score. The open source file-sharing software company said containerized deployments of ownCloud could expose admin passwords, mail server credentials, and license keys. Tracked as CVE-2023-49103, the vulnerability carries a maximum severity rating of 10 on the CVSS v3 scale and affects the garaphapi app version 0.2.0 to 0.3.0. The app relies on a ...