ownCloud Vulnerabilities

 Vulnerabilities in ownCloud

  • CVE-2023-49103 (CVSS Score: 10): This vulnerability exists in ownCloud's Microsoft Graph API app versions 0.2.0 through 0.3.0. It allows attackers to exploit a third-party library dependency to gather sensitive information such as admin passwords, mail server credentials, and license keys. The flaw exposes details about the PHP environment, which can be manipulated via a specific URL.
  • CVE-2023-49105 (CVSS Score: 9.8): This is an authentication bypass vulnerability in ownCloud's WebDAV API. Attackers can exploit it to access, modify, or delete files if they know the user's username and the user hasn't set up a signing key (which is the default setting).
  • CVE-2023-49104 (CVSS Score: 8.7): This subdomain validation bypass flaw affects the OAuth2 library versions below 0.6.1. It allows an attacker to use a specially crafted redirect URL that bypasses the validation code, leading to redirection of callbacks to a malicious domain controlled by the attacker.
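
For the redirect validation issue in CVE-2023-49104, the sketch below contrasts a weak text-matching check with one that compares parsed URL components on exact boundaries. It is an added example, not code from ownCloud or its OAuth2 library; the registered URL, the hostnames and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed client registration (assumption, not taken from ownCloud).
REGISTERED = "https://app.example.com/callback"

def naive_allows(candidate, registered=REGISTERED):
    """Weak pattern: treat the URL as text and look for the registered host."""
    host = urlsplit(registered).hostname
    return candidate.startswith("https://") and host in candidate

def strict_allows(candidate, registered=REGISTERED, allow_subdomains=True):
    """Compare parsed components; anything ambiguous is rejected."""
    # Characters that browsers and server-side parsers interpret differently.
    if any(ch in candidate for ch in "\\ \t\r\n"):
        return False
    try:
        got, want = urlsplit(candidate), urlsplit(registered)
        got_port, want_port = got.port, want.port
    except ValueError:  # malformed port or bracketed host
        return False
    if got.scheme != "https" or got.username is not None or got.password is not None:
        return False
    if got.fragment or got_port != want_port or got.path != want.path:
        return False
    got_host = (got.hostname or "").lower()
    want_host = want.hostname.lower()
    if got_host == want_host:
        return True
    # A subdomain match must be anchored on a label boundary (leading dot).
    return allow_subdomains and got_host.endswith("." + want_host)

# Constructed sample redirect URLs; .test and example.com are reserved names.
SAMPLES = [
    "https://app.example.com/callback",
    "https://tenant1.app.example.com/callback",
    "https://app.example.com.attacker.test/callback",
    "https://app.example.com@attacker.test/callback",
    "https://attacker.test/callback?x=app.example.com",
    "https://notapp.example.com/callback",
]

def compare():
    """Return {url: (naive_result, strict_result)} for the samples."""
    return {url: (naive_allows(url), strict_allows(url)) for url in SAMPLES}

if __name__ == "__main__":
    for url, (weak, strict) in compare().items():
        print(f"naive={weak!s:5} strict={strict!s:5} {url}")
```

The naive check accepts all six samples, while the strict check accepts only the first two, which are the registered host and a true subdomain of it.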
