CVE-2023-49103 - ownCloud graphapi Information Disclosure Vulnerability
Project:ownCloud
Product:ownCloud graphapi
Date Added:2023-11-30Due Date:2023-12-21
Vulnerability Name
ownCloud graphapi Information Disclosure Vulnerability
Description
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/
https://nvd.nist.gov/vuln/detail/CVE-2023-49103
Related News Articles
Surge in attacks exploiting old ThinkPHP and ownCloud flawsFebruary 13, 2025