Last week, ownCloud released an advisory disclosing a new vulnerability, CVE-2023-49103 [1]. The vulnerability will allow attackers to gain access to admin passwords. To exploit the vulnerability, the attacker will use the “graphapi” app to access the output of “phpinfo”. If the ownCloud install runs in a container, it will allow access to admin passwords, mail server credentials, and license keys.
Article Link: https://isc.sans.edu/diary/rss/30432