CVE-2023-49103
ownCloud graphapi Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
YesDecision
Descriptions
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
Se descubrió un problema en ownCloud owncloud/graphapi 0.2.x anterior a 0.2.1 y 0.3.x anterior a 0.3.1. La aplicación Graphapi se basa en una librería GetPhpInfo.php de terceros que proporciona una URL. Cuando se accede a esta URL, se revelan los detalles de configuración del entorno PHP (phpinfo). Esta información incluye todas las variables de entorno del servidor web. En implementaciones en contenedores, estas variables de entorno pueden incluir datos confidenciales, como la contraseña del administrador de ownCloud, las credenciales del servidor de correo y la clave de licencia. Simplemente deshabilitar la aplicación Graphapi no elimina la vulnerabilidad. Además, phpinfo expone otros detalles de configuración potencialmente confidenciales que un atacante podría aprovechar para recopilar información sobre el sistema. Por lo tanto, incluso si ownCloud no se ejecuta en un entorno en contenedores, esta vulnerabilidad debería ser motivo de preocupación. Tenga en cuenta que los contenedores Docker anteriores a febrero de 2023 no son vulnerables a la divulgación de credenciales.
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-11-21 CVE Reserved
- 2023-11-21 CVE Published
- 2023-11-30 Exploited in Wild
- 2023-12-02 First Exploit
- 2023-12-21 KEV Due Date
- 2024-09-04 CVE Updated
- 2024-10-21 EPSS Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://owncloud.org/security | Product |
URL | Date | SRC |
---|---|---|
https://github.com/creacitysec/CVE-2023-49103 | 2023-12-02 | |
https://github.com/merlin-ke/OwnCloud-CVE-2023-49103 | 2023-12-19 | |
https://github.com/MixColumns/CVE-2023-49103 | 2023-12-06 | |
https://github.com/d0rb/CVE-2023-49103 | 2024-06-27 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Owncloud Search vendor "Owncloud" | Graph Api Search vendor "Owncloud" for product "Graph Api" | 0.2.0 Search vendor "Owncloud" for product "Graph Api" and version "0.2.0" | - |
Affected
| ||||||
Owncloud Search vendor "Owncloud" | Graph Api Search vendor "Owncloud" for product "Graph Api" | 0.3.0 Search vendor "Owncloud" for product "Graph Api" and version "0.3.0" | - |
Affected
|