Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical information disclosure vulnerability in the open source file-sharing and collaboration software ownCloud only days after its public disclosure.

The vulnerability, tracked as CVE-2023-49103, impacts the Graphapi app, allowing attackers to retrieve sensitive environment variables, including credentials, license keys, and other system information.

Impacting Graphapi versions 0.2.0 to 0.3.0, the flaw cannot be mitigated by disabling the Graphapi app, and also requires changing passwords for administrative accounts, access keys, and credentials for the mail server and database.

ownCloud disclosed the vulnerability on November 21, along with two other critical issues in the software (CVE-2023-49104 and CVE-2023-49105). On Monday, the US cybersecurity agency CISA included the bugs in its weekly vulnerability roundup, without a severity rating.

Also on Monday, attack activity and exposed asset monitoring services issued warnings about the first in-the-wild exploitation attempts targeting CVE-2023-49103.

Nonprofit cybersecurity organization Shadowserver Foundation warned that it has identified roughly 11,000 ownCloud instances that are exposed to the internet and are potentially at risk.

The largest number of these instances are in Germany (2,000), followed by the US (1,400), and France (1,300). Russia, Poland, the Netherlands, Italy, the UK, Canada, and Spain round out the top 10, with hundreds of instances each.

Shadowserver warns that the vulnerability is very easy to exploit, urging administrators to follow the mitigation steps outlined by ownCloud.

According to data from Greynoise, the targeting of CVE-2023-49103 started on November 25, with attacks originating from a single IP address. The number of exploitation attempts increased on Monday, with 11 unique IPs joining the fray.

Johannes Ullrich of the SANS Internet Storm Center also warned of activity targeting the ownCloud vulnerability, detailing five IPs involved in the observed attacks, which have scanned for files inside vulnerable ownCloud instances.

“This pattern can suggest potential coordinated efforts by threat actors or botnets aiming to exploit the disclosed security flaw,” SOC Radar notes.

Ullrich, however, points out that there is a steady flow of attacks targeting ownCloud instances, many of which “are likely just looking for instances of ownCloud to exploit old vulnerabilities or attempt weak passwords”.
