ownCloud Flaw Exploited by Hackers, Urgent Patch Required

TL;DR Summary
Hackers are actively exploiting a critical vulnerability in ownCloud, an open-source file synchronization and sharing solution. Tracked as CVE-2023-49103, the flaw allows remote attackers to execute phpinfo() through the ownCloud 'graphapi' app, exposing sensitive data such as admin passwords, mail server credentials, and license keys in containerized deployments. Threat tracking firms have observed mass exploitation of the vulnerability, with over 11,000 exposed instances detected. ownCloud administrators are urged to delete the vulnerable file, disable the 'phpinfo' function in Docker containers, and change potentially exposed secrets to mitigate the risk.
- Hackers start exploiting critical ownCloud flaw, patch now (BleepingComputer)
- ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation (Ars Technica)
- Experts warn of critical ownCloud vulnerability being exploited (The Record from Recorded Future News)
- Exploitation of Critical ownCloud Vulnerability Begins (SecurityWeek)
- Critical ownCloud flaw under attack (CVE-2023-49103) (Help Net Security)