ownCloud Server < 10.13.3 Multiple Vulnerabilities

critical Nessus Plugin ID 189276

Synopsis

The version of ownCloud installed on the remote host is affected by multiple vulnerabilities.

Description

The version of ownCloud installed on the remote host is prior to 10.13.3. It is, therefore, affected by multiple vulnerabilities:

- An issue was discovered in ownCloud owncloud/graphapi. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. (CVE-2023-49103)

- An issue was discovered in ownCloud owncloud/oauth2 when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. (CVE-2023-49104)

- An issue was discovered in ownCloud owncloud/core. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. (CVE-2023-49105)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ownCloud version 10.13.3 or later.

See Also

http://www.nessus.org/u?e204fc34

Plugin Details

Severity: Critical

ID: 189276

File Name: owncloud_10_13_3.nasl

Version: 1.1

Type: combined

Agent: unix

Family: CGI abuses

Published: 1/22/2024

Updated: 1/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-49105

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:owncloud:owncloud

Required KB Items: installed_sw/OwnCloud OwnCloud

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/1/2023

Vulnerability Publication Date: 12/1/2023

CISA Known Exploited Vulnerability Due Dates: 12/21/2023

Reference Information

CVE: CVE-2023-49103, CVE-2023-49104, CVE-2023-49105