Actively Exploited ownCloud Flaw Is So Bad It Earned A Max 10 Security Alert


A security vulnerability in ownCloud, a provider of open-source software that organizations use to host and sync files, is now being actively exploited by threat actors. The vulnerability, CVE-2023-49103, was disclosed by ownCloud on November 21, 2023 and was assessed as a critical risk, earning a CVSS v3 Base Score of 10, the maximum possible value.

With this vulnerability, attackers can access a lot of sensitive data. According to ownCloud, "The graphapi app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key."

Unfortunately, simply disabling the graphapi app does not eliminate the vulnerability. Moreover, phpinfo exposes other potentially sensitive configuration details that an attacker could use to learn about the system. For this reason, ownCloud warns that the flaw should still be treated as a danger even when ownCloud is not running in a containerized environment.


Unsurprisingly, malicious actors began exploiting the vulnerability almost immediately. GreyNoise has stated that it "has observed mass exploitation of this vulnerability in the wild as early as November 25, 2023."
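Because the flaw is reached through a URL served by a library bundled inside the graphapi app, a defender's first question is whether that endpoint was ever requested. The following is an added example (not from the article or from ownCloud) that runs a simple heuristic over constructed web-server access-log lines; the path segments, the use of a Composer-style `vendor/` directory and the response-size threshold are assumptions, and the endpoint name is a placeholder rather than the real file path.

```python
import re

# Constructed sample lines in Apache/nginx "combined" log format; not real traffic.
# The graphapi path below is a placeholder, not the actual vulnerable file name.
SAMPLE_LOG = [
    '203.0.113.10 - - [25/Nov/2023:10:01:02 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Nov/2023:10:01:05 +0000] "GET /apps/graphapi/vendor/EXAMPLE-LIB/tests/phpinfo-page.php HTTP/1.1" 200 81920 "-" "python-requests/2.31"',
    '203.0.113.10 - - [25/Nov/2023:10:02:00 +0000] "GET /status.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Nov/2023:10:02:09 +0000] "GET /apps/graphapi/vendor/EXAMPLE-LIB/tests/phpinfo-page.php HTTP/1.1" 404 120 "-" "python-requests/2.31"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Heuristics (assumptions, not taken from the advisory): a PHP file under an app's
# bundled third-party library directory (Composer's conventional "vendor/") should
# never be requested over the web, and any path mentioning phpinfo deserves a look.
SUSPICIOUS = [
    re.compile(r'/apps/graphapi/.*vendor/.*\.php', re.I),
    re.compile(r'phpinfo', re.I),
]

# Assumed threshold: a full phpinfo page is tens of kilobytes, so a 200 with a
# body this large most likely means the configuration dump was actually served.
SERVED_MIN_BYTES = 10_000


def parse_line(line):
    """Parse one combined-format access-log line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_phpinfo_probes(lines):
    """Return parsed records whose request path matches a suspicious pattern.

    Each record gets a 'served' flag: True when the response looks like a real
    phpinfo dump (exposure), False when the request was merely a probe (e.g. 404).
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not any(p.search(rec["path"]) for p in SUSPICIOUS):
            continue
        rec["served"] = rec["status"] == 200 and rec["size"] >= SERVED_MIN_BYTES
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_phpinfo_probes(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["path"], "EXPOSED" if f["served"] else "probe")
```

A hit with `served` set to True is the signal to rotate every secret phpinfo could have revealed (admin password, mail credentials, license key), since the advisory states that removing the app alone is not enough.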

ownCloud has hit a bit of a rough patch with regard to security lately, having announced two other critical vulnerabilities at the same time. One is CVE-2023-49105, an authentication bypass, and the other is CVE-2023-49104, which affects the oauth2 app. ownCloud users will need to follow the instructions listed under "Actions Taken" to mitigate this newest issue, while the company promises to harden the software in future releases.