Severe ownCloud Vulnerabilities Risk Data Exposure

Severe ownCloud Vulnerabilities Risk Data Exposure

Product and Affected Versions

  1. Product: ownCloud
  2. Affected Versions:
    • graphapi versions 0.2.0 to 0.3.0
    • core versions 10.6.0 to 10.13.0
    • oauth2 versions prior to 0.6.1

Severity and CVE ID

  1. Vulnerability 1:
    • Severity: Critical
    • CVE ID: Not specified
  2. Vulnerability 2:
    • Severity: Critical
    • CVE ID: Not specified
  3. Vulnerability 3:
    • Severity: High
    • CVE ID: Not specified


  1. Disclosure of Sensitive Information (graphapi):
    • Exposes sensitive credentials and configuration in containerized deployments.
  2. WebDAV API Authentication Bypass (core):
    • Allows unauthorized access, modification, or deletion of files without authentication.
  3. Subdomain Validation Bypass (oauth2):
    • Improper access control allows redirection to a crafted URL, bypassing validation.

How Attack Works

  1. Vulnerability 1 Attack:
    • Accessing a URL in the ‘graphapi’ app reveals PHP environment details, including sensitive data like admin passwords and server credentials.
  2. Vulnerability 2 Attack:
    • Exploits the default behavior of allowing access to files without authentication if the victim’s username is known and signing-key isn’t configured.
  3. Vulnerability 3 Attack:
    • Crafting a redirect URL bypasses validation, enabling attackers to redirect callbacks to a controlled TLD.


  1. Vulnerability 1 Fix:
    • Delete the specified file and disable the ‘phpinfo’ function.
    • Change sensitive credentials like admin passwords, mail server, database credentials, and Object-Store/S3 access keys.
  2. Vulnerability 2 Fix:
    • Harden the validation code.
  3. Vulnerability 3 Fix:
    • Disable the “Allow Subdomains” option.
    • Apply hardening measures to the validation code in the oauth2 app.


The information was derived from advisories and recommendations provided by ownCloud regardin