The New Zealand National Cyber Security Centre (NCSC) has issued a Cyber Security Alert highlighting three high-severity Common Vulnerabilities and Exposures (CVEs) impacting ownCloud, open-source software designed for file sharing and synchronization in distributed and federated enterprise environments.
The identified CVEs and their respective impacts are as follows:
- CVE-2023-49103: Disclosure of Sensitive Credentials and Configuration in Containerized Deployments
  - Affected Versions: graphapi versions 0.2.0 to 0.3.0
- CVE-2023-49105: WebDAV API Authentication Bypass using Pre-Signed URLs
  - Affected Versions: core versions 10.6.0 to 10.13.0
- CVE-2023-49104: Subdomain Validation Bypass
  - Affected Versions: oauth2 versions prior to 0.6.1
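
A version check built from the ranges listed above, as an added example that is not part of the NCSC alert or ownCloud's own code. The `component: version` inventory format and the sample values are constructed; only the first three version components are compared, so a build such as 10.13.0.1 is treated as 10.13.0 (an assumption).

```python
import re

# (CVE, component, lowest affected or None, upper bound, upper bound inclusive?)
# Ranges are the ones listed in the alert above.
AFFECTED = [
    ("CVE-2023-49103", "graphapi", (0, 2, 0), (0, 3, 0), True),
    ("CVE-2023-49105", "core", (10, 6, 0), (10, 13, 0), True),
    ("CVE-2023-49104", "oauth2", None, (0, 6, 1), False),  # "prior to 0.6.1"
]

def parse_version(text):
    """Return (major, minor, patch); build numbers and suffixes are ignored."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-+].*)?", text.strip())
    return tuple(int(p or 0) for p in m.groups()) if m else None

def parse_inventory(text):
    """Parse 'component: version' lines (constructed format) into a dict."""
    inventory = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:-\s*)?([A-Za-z0-9_]+)\s*:\s*(\S+)\s*$", line)
        if m:
            inventory[m.group(1).lower()] = m.group(2)
    return inventory

def check(inventory):
    """Return (cve, component, version, status) for every hit."""
    findings = []
    for cve, component, low, high, high_inclusive in AFFECTED:
        raw = inventory.get(component)
        if raw is None:
            continue  # component not installed or not reported
        version = parse_version(raw)
        if version is None:
            # Unknown version string: flag for manual review, do not assume safe.
            findings.append((cve, component, raw, "review"))
            continue
        at_or_above_low = low is None or version >= low
        below_high = version <= high if high_inclusive else version < high
        if at_or_above_low and below_high:
            findings.append((cve, component, raw, "affected"))
    return findings

# Constructed sample inventory for one host.
SAMPLE = """\
core: 10.13.0.1
graphapi: 0.3.1
oauth2: 0.6.0
"""

if __name__ == "__main__":
    for finding in check(parse_inventory(SAMPLE)):
        print(*finding)
```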