
Data Breach Threat: OwnCloud Users Urged to Patch Vulnerabilities Now

The maintainers of ownCloud, a popular open-source file-sharing platform, have issued an alert about three critical security flaws that could have severe consequences for users. The flaws were disclosed in three security bulletins published by the ownCloud development team this past week.

The vulnerabilities pose a significant risk to the security and privacy of ownCloud users: they could expose sensitive information and allow files to be modified without authorization.

ownCloud is a self-hosted platform that lets users sync and share files individually or as a team, and access and manage those files from anywhere. It is used by businesses and enterprises, educational institutions, government agencies, and individuals who prefer to keep control of their own data. The ownCloud website reports 200 million users and 600 enterprise customers.

The first vulnerability, CVE-2023-49103, carries a CVSS v3 score of 10.0 and affects containerized deployments. It leads to the disclosure of sensitive credentials and configuration data, including all of the server's environment variables. The flaw lies in the graphapi app, versions 0.2.0 through 0.3.0.

An attacker who can reach a particular URL is shown details of the PHP environment, including the environment variables used to configure the web server. In containerized deployments those variables may contain sensitive data such as the ownCloud administrator password, the mail server credentials, and the software license key.

ownCloud recommends immediate action to mitigate this issue: delete the file ownCloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php, disable the phpinfo function in Docker containers, and rotate any secrets that may have been exposed, including the ownCloud admin password, the mail server and database credentials, and the Object-Store/S3 access keys.
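The following script is an added example (not code from ownCloud or its bulletin) that checks an install for the two mitigation steps just listed: whether the GetPhpInfo.php file is still present under the web root, and whether `phpinfo` appears in the `disable_functions` directive of a php.ini. The relative file path is taken from the bulletin; the php.ini contents, the install layout and the `demo_audit` helper are constructed for the example.

```python
"""Audit an ownCloud web root for the CVE-2023-49103 mitigations (added example)."""
import os
import tempfile

# Relative path of the file the ownCloud bulletin says to delete.
GETPHPINFO_REL = os.path.join(
    "apps", "graphapi", "vendor", "microsoft", "microsoft-graph", "tests", "GetPhpInfo.php"
)

# Secrets the bulletin says to rotate once the file has been reachable.
SECRETS_TO_ROTATE = [
    "ownCloud admin password",
    "mail server credentials",
    "database credentials",
    "Object-Store / S3 access keys",
]


def getphpinfo_present(owncloud_root):
    """True if the phpinfo test file still exists under the web root."""
    return os.path.isfile(os.path.join(owncloud_root, GETPHPINFO_REL))


def parse_disable_functions(ini_text):
    """Return the set of function names listed in php.ini's disable_functions directive."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ini comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "disable_functions":
            disabled.update(f.strip().lower() for f in value.split(",") if f.strip())
    return disabled


def phpinfo_disabled(ini_text):
    """True if phpinfo() cannot be called under this php.ini."""
    return "phpinfo" in parse_disable_functions(ini_text)


def audit(owncloud_root, ini_text):
    """Return a list of findings; an empty list means both mitigations are in place."""
    findings = []
    if getphpinfo_present(owncloud_root):
        findings.append(
            "GetPhpInfo.php is still present; delete "
            + os.path.join(owncloud_root, GETPHPINFO_REL)
            + " and rotate: " + ", ".join(SECRETS_TO_ROTATE)
        )
    if not phpinfo_disabled(ini_text):
        findings.append("phpinfo is not listed in disable_functions in php.ini")
    return findings


def demo_audit():
    """Build a constructed install layout in a temp dir; audit it before and after remediation."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, GETPHPINFO_REL)
        os.makedirs(os.path.dirname(target))
        with open(target, "w") as fh:
            fh.write("<?php phpinfo();\n")  # constructed stand-in for the shipped test file
        unpatched_ini = "; constructed php.ini\ndisable_functions =\n"
        hardened_ini = "; constructed php.ini\ndisable_functions = exec,system,phpinfo\n"
        before = audit(root, unpatched_ini)
        os.remove(target)  # the bulletin's first step
        after = audit(root, hardened_ini)
    return before, after


if __name__ == "__main__":
    before, after = demo_audit()
    print("before remediation:", *before, sep="\n  ")
    print("after remediation:", after)
```

On a real host, point `audit()` at the ownCloud web root and pass the contents of the php.ini the container actually loads; an empty findings list still leaves the secret rotation to be done by hand, since the script cannot tell whether the file was reachable before it was removed.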

The second vulnerability, rated CVSS 9.8, allows attackers to bypass WebDAV API authentication using pre-signed URLs. It affects core versions 10.6.0 through 10.13.0. When a user's username is known and no signing key has been configured for that user (the default setting), an attacker can access, modify, or delete any of that user's files without authentication.

The fix ensures that pre-signed URLs cannot be used unless a signing key has been configured for the owner of the file; in other words, it denies the use of pre-signed URLs in that case.

The third flaw, with a CVSS v3 score of 9.0, is a subdomain validation bypass affecting all versions of the oauth2 app below 0.6.1. An attacker can inject a specially crafted redirect URL into the oauth2 app that bypasses the validation code, causing OAuth callbacks to be redirected to a top-level domain (TLD) under the attacker's control. As a temporary workaround, the bulletin suggests disabling the "Allow Subdomains" option; the proper fix is to harden the validation code in the oauth2 app.
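To make the third bulletin's "harden the validation code" concrete, here is an added example of strict OAuth 2.0 redirect URI validation. It is not ownCloud's code and does not reproduce the oauth2 app's actual check; the `naive_redirect_allowed` function is a generic anti-pattern (a substring match on the host name) shown only as a contrast, and the registered URI and host names are constructed. The hardened `redirect_allowed` compares scheme, port and path exactly and, when subdomains are allowed, matches on DNS labels rather than string suffixes, which is what the "Allow Subdomains" option in the workaround controls.

```python
"""Strict OAuth 2.0 redirect URI validation (added example; not ownCloud's code)."""
from urllib.parse import urlsplit


def naive_redirect_allowed(redirect_uri, registered_uri):
    """Anti-pattern: a substring match on the host name accepts any host that
    merely contains the registered host somewhere in its name."""
    return urlsplit(registered_uri).hostname in urlsplit(redirect_uri).hostname


def redirect_allowed(redirect_uri, registered_uri, allow_subdomains=False):
    """Accept redirect_uri only if it matches the registered URI exactly or,
    when allow_subdomains is set, sits on a proper subdomain of its host."""
    reg = urlsplit(registered_uri)
    cand = urlsplit(redirect_uri)
    if not reg.hostname or not cand.hostname:
        return False
    # Scheme, port, path and query must match the registered URI exactly.
    if cand.scheme != reg.scheme or cand.port != reg.port:
        return False
    if cand.path != reg.path or cand.query != reg.query or cand.fragment:
        return False
    # Reject userinfo: "https://registered-host@other-host/cb" parses with
    # hostname "other-host", so a host check alone is not enough.
    if cand.username is not None:
        return False
    reg_host = reg.hostname.lower()
    cand_host = cand.hostname.lower()
    if cand_host == reg_host:
        return True
    # Subdomain check on DNS labels: the candidate must end with "." + registered
    # host, so neither "app.example.com.evil.example" nor "evil-app.example.com" passes.
    return allow_subdomains and cand_host.endswith("." + reg_host)


if __name__ == "__main__":
    registered = "https://app.example.com/callback"  # constructed registered URI
    for candidate in (
        "https://app.example.com/callback",
        "https://sub.app.example.com/callback",
        "https://app.example.com.evil.example/callback",
        "https://evil-app.example.com/callback",
    ):
        print(
            f"{candidate:50} naive={naive_redirect_allowed(candidate, registered)!s:5} "
            f"strict(subdomains on)={redirect_allowed(candidate, registered, True)}"
        )
```

With subdomains disabled only the exact registered URI is accepted, which is the effect of the temporary workaround; with subdomains enabled the label-based check still rejects hosts that merely contain or are prefixed by the registered name.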

Together, the three flaws described in the bulletins seriously undermine the security and integrity of ownCloud deployments, potentially exposing users to phishing attacks, stealthy data theft, and other malicious activity. Ransomware groups have repeatedly used vulnerabilities in file-sharing platforms to steal data from thousands of companies around the world as part of their attacks on organizations that rely on such platforms.

Around the same time as this disclosure, a proof-of-concept (PoC) exploit was released for a critical remote code execution vulnerability in CrushFTP (CVE-2023-43177). An unauthenticated attacker exploiting it could gain access to files, run arbitrary programs on the host, and obtain plain-text passwords through the application. Converge security researcher Ryan Emmons discovered and reported the issue, which has been fixed since CrushFTP 10.5.2, released on August 10, 2023.