3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.

A brief description of the vulnerabilities is as follows –

  • Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0)
  • WebDAV Api Authentication Bypass using Pre-Signed URLs impacting core versions from 10.6.0 to 10.13.0 (CVSS score: 9.8)
  • Subdomain Validation Bypass impacting oauth2 prior to version 0.6.1 (CVSS score: 9.0)

The second problem makes it possible to access, modify or delete any file sans authentication if the username of the victim is known and the victim has no signing-key configured, which is the default behavior.

Lastly, the third flaw relates to a case of improper access control that allows an attacker to “pass in a specially crafted redirect-url which bypasses the validation code and thus allows the attacker to redirect callbacks to a TLD controlled by the attacker.”

The disclosure comes as a proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in the CrushFTP solution (CVE-2023-43177) that could be weaponized by an unauthenticated attacker to access files, run arbitrary programs on the host, and acquire plain-text passwords.

The issue has been addressed in CrushFTP version 10.5.2, which was released on August 10, 2023.

“This vulnerability is critical because it does NOT require any authentication,” CrushFTP noted in an advisory released at the time. “It can be done anonymously and steal the session of other users and escalate to an administrator user.”


Source: https://thehackernews.com/