
Three critical vulnerabilities have been reported in ownCloud, exposing users to potential data breaches.

ownCloud is open-source file-sharing software that allows individuals and organisations to self-host their own file shares. It reports having 200,000 installs, 600 enterprise customers and 200 million users. The maintainers of the software have issued warnings about three critical security vulnerabilities.

One of these flaws, with a maximum severity score, exposes administrator passwords and mail server credentials. The vulnerability arises from the software’s dependency on a third-party library. It impacts containerized deployments and can expose sensitive information such as admin passwords and license keys. The recommended fix includes deleting a specific file, disabling certain functions in Docker containers, and changing exposed secrets.

The two other vulnerabilities are an authentication bypass issue and a subdomain validation bypass problem, both of which pose significant risks to the security and integrity of the ownCloud environment.

Administrators are urged to apply the recommended fixes promptly to mitigate potential data breaches, data theft, and phishing attacks. Vulnerabilities in file-sharing platforms have been targeted by threat actors before, which underlines the importance of acting immediately.

https://www.bleepingcomputer.com/news/security/critical-bug-in-owncloud-file-sharing-app-exposes-admin-passwords/
https://thehackernews.com/2023/11/warning-3-critical-vulnerabilities.html


This segment was created for the It’s 5:05 podcast

https://505updates.com/2023-11-27-cybersecurity-and-open-source-headlines/