Alert - Vulnerability CVE-2023-49103 impacting ownCloud file sharing application

Number: AL23-017
Date: November 28, 2023

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Cyber Centre is aware of three recent critical vulnerabilities Footnote 1Footnote 2Footnote 3 impacting ownCloud, an open-source file sync and sharing solution used to manage and share files hosted on-site. One of these vulnerabilities, CVE-2023-49103 Footnote 4, leverages a flaw to obtain administrative passwords, mail server credentials and configuration information in containerized deployments. The Cyber Centre has received reports that this vulnerability has been exploited in the wild. Footnote 5Footnote 6

This Alert is being published to raise awareness of CVE-2023-49103, to highlight the potential impact to organizations and to provide guidance for organizations who may be targeted by related malicious activity.

Suggested action

The Cyber Centre recommends organizations:

  • Perform mitigations suggested by the vendor.
  • Immediately patch affected systems when updates addressing this vulnerability become available.
  • Permit internet access to your web applications based upon known good IP addresses or geographic location, where possible.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security ActionsFootnote 7 with an emphasis on the following topics:

  • Consolidate, monitor, and defend internet gateways
  • Segment and separate information
  • Isolate internet-facing applications

If activity matching the content of this alert is discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

Date modified: