ownCloud recently patched several security vulnerabilities that put its users’ privacy at risk. Exploiting them could have exposed users’ passwords to adversaries.
ownCloud Vulnerabilities Risked User Accounts
According to the recent advisories, ownCloud addressed three security vulnerabilities threatening the platform’s security:
- Disclosure of credentials: This is the most critical of the three, with a CVSS score of 10. It affected the platform’s graphapi app, versions 0.2.0 – 0.3.0. As the advisory describes, “the ‘graphapi’ app relies on a third-party library that provides a URL.” Accessing this URL exposed the configuration details of the PHP environment, which may include sensitive data such as mail server credentials, the license key, and ownCloud admin passwords. To mitigate the flaw, the vendor disabled the phpinfo function in its Docker containers. It also advised users to delete the file “owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php” to prevent unauthorized access.
- WebDAV API Authentication Bypass: This high-severity vulnerability, with a CVSS score of 9.8, could allow an adversary to access, delete, or modify files without authentication. Exploiting the flaw merely required the attacker to know the victim’s username, provided the victim’s account was in its default configuration (no signing-key configured). It affected ownCloud core 10.6.0 – 10.13.0; the vendor addressed it by denying pre-signed URLs for accounts with no signing-key configured.
- Subdomain Validation Bypass: This high-severity issue received a CVSS score of 9, making it the least severe of the three ownCloud vulnerabilities. It affected oauth2 app versions below 0.6.1. An attacker could exploit the flaw by sending a maliciously crafted redirect-URL that bypasses the validation code and redirects callbacks to an attacker-controlled TLD. The vendor addressed the issue by hardening the validation code and recommends disabling the “allow subdomains” option as a workaround.
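To make the WebDAV fix concrete, here is an added illustration (not ownCloud’s own code) of a pre-signed URL verifier in the two states the advisory contrasts: the flawed version treats a missing signing key as an empty key, while the corrected version refuses pre-signed URLs for such accounts. The HMAC-SHA256 scheme, the query parameter names, the hostname and the sample keys are all assumptions constructed for this example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed per-account signing keys. None models an account that never
# configured a signing key, which the advisory says is the default state.
SIGNING_KEYS = {
    "alice": "constructed-key-for-alice",
    "bob": None,
}


def _signature(user, path, expires, key):
    """Assumed scheme: HMAC-SHA256 over user|path|expires with the account key."""
    msg = f"{user}|{path}|{expires}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()


def build_presigned_url(user, path, expires, key):
    """Build a pre-signed URL; parameter names and host are assumed, not ownCloud's."""
    query = urlencode({"user": user, "expires": expires,
                       "sig": _signature(user, path, expires, key)})
    return f"https://cloud.example.test{path}?{query}"


def verify_presigned(url, now, strict=True):
    """Return True if the pre-signed URL is valid for its owner at time `now`.

    strict=False models the flawed behaviour: an account without a signing
    key is treated as if its key were the empty string, so the signature is
    reproducible without any secret. strict=True models the fix: pre-signed
    URLs are refused outright for accounts with no signing key configured.
    """
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        user, expires, sig = q["user"][0], q["expires"][0], q["sig"][0]
    except KeyError:
        return False
    if not expires.isdigit() or int(expires) < now:
        return False  # expired or malformed expiry
    key = SIGNING_KEYS.get(user)
    if key is None:
        if strict:
            return False  # fix: deny pre-signed URLs when no signing key exists
        key = ""  # flaw: fall through with an empty, effectively public key
    expected = _signature(user, parts.path, expires, key)
    return hmac.compare_digest(expected, sig)
```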
ownCloud is an open-source file-sharing platform that lets business users share files without relying on third-party hosting. According to its website, ownCloud currently has over 500 enterprise customers and roughly 200 million users worldwide.
Let us know your thoughts in the comments.