The version of ownCloud installed on the remote host is prior to 10.13.3. It is, therefore, affected by multiple vulnerabilities:

  - An issue was discovered in ownCloud owncloud/graphapi The graphapi app relies on a third-party GetPhpInfo.php     library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment     (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments,     these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials,     and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes     various other potentially sensitive configuration details that could be exploited by an attacker to gather information     about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should     still be a cause for concern (CVE-2023-49103)

  - An issue was discovered in ownCloud owncloud/oauth2 when Allow Subdomains is enabled. An attacker is able to pass in a     crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level     Domain controlled by the attacker. (CVE-2023-49104)

  - An issue was discovered in ownCloud owncloud/core. An attacker can access, modify, or delete any file without authentication     if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can     be accepted even when no signing-key is configured for the owner of the files. (CVE-2023-49105)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

ownCloud Server < 10.13.3 Multiple Vulnerabilities

critical Nessus Plugin ID 189276

Version 1.1