Top file-sharing service hit with embarrassing security bug that reveals admin passwords

As it consists of multiple libraries, the vulnerabilities discovered were found in different components. The first one, CVE-2023-49103, can be abused to steal login data and configuration information in containerized deployments. This flaw was given the maximum severity score - 10.

Applying the fixes

The second flaw allows threat actors to bypass authentication and thus access, modify, and delete files found on the servers. All the attackers need is a username of a user that kept the default settings for the signing-key. This flaw was given a rating of 9.8.

The third is the least severe of all, with a severity score of 9. This vulnerability is a subdomain validation bypass that hackers can abuse by creating a unique URL that bypasses the validation code. As a result, the hackers can redirect callbacks to a domain controlled by the attacker. 

All three vulnerabilities have different mitigation methods, so users are advised to read the details here, here, and here. They are also advised not to delay in applying these fixes, as the flaws severely impact the security and integrity of the ownCloud platform. 

Hackers can abuse it steal data, engage in identity theft and phishing, and more. The problem is all the more pressing considering that recently, other prominent file sharing services, most notably GoAnywhere and MOVEit, were breached, leading to thousands of firms having their sensitive data compromised or stolen. 

Via BleepingComputer

More from TechRadar Pro

• Microsoft claims CyberLink has been breached by North Korean hackers
• Here's a list of the best firewalls around today
• These are the best endpoint protection tools right now