ownCloud has warned in an advisory that it has seen critical vulnerabilities. The vulnerabilities could lead to the exposure of credentials and other sensitive information and bypass authentication solutions.
This serious issue may impact the graphapi app because it uses third-party URLs and has access to configuration details. The issue may impact graphapi versions 0.2.0 to 0.3.0
Additional sensitive data is included in phpinfo that may allow an attacker to gather more system information. This should be a key concern for all administrators if ownCloud doesn’t run in a containerized environment. Such environment variables may include the ownCloud admin password, mail server credentials, and license keys.
Administrators are advised to change their own Cloud admin password, the Object-Store/S3 access key, and mail server and database credentials.
Read More: Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
