Cyber Security Alert: Three High-Severity CVEs Affecting ownCloud

The New Zealand National Cyber Security Centre (NCSC) has issued a Cyber Security Alert highlighting three high-severity Common Vulnerabilities and Exposures (CVEs) impacting ownCloud, open-source software for file sharing and synchronization in distributed and federated enterprise environments.

The identified CVEs and their respective impacts are as follows:

  1. CVE-2023-49103: Disclosure of Sensitive Credentials and Configuration in Containerized Deployments
    • Affected Versions: graphapi versions 0.2.0 to 0.3.0
  2. CVE-2023-49105: WebDAV API Authentication Bypass using Pre-Signed URLs
    • Affected Versions: core versions 10.6.0 to 10.13.0
  3. CVE-2023-49104: Subdomain Validation Bypass
    • Affected Versions: oauth2 versions prior to 0.6.1