CVE-2023-49103

{"id": "CVE-2023-49103", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2023-11-21T22:15:08.277", "references": [{"url": "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://owncloud.org/security", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en ownCloud owncloud/graphapi 0.2.x anterior a 0.2.1 y 0.3.x anterior a 0.3.1. La aplicaci\u00f3n Graphapi se basa en una librer\u00eda GetPhpInfo.php de terceros que proporciona una URL. Cuando se accede a esta URL, se revelan los detalles de configuraci\u00f3n del entorno PHP (phpinfo). Esta informaci\u00f3n incluye todas las variables de entorno del servidor web. En implementaciones en contenedores, estas variables de entorno pueden incluir datos confidenciales, como la contrase\u00f1a del administrador de ownCloud, las credenciales del servidor de correo y la clave de licencia. Simplemente deshabilitar la aplicaci\u00f3n Graphapi no elimina la vulnerabilidad. Adem\u00e1s, phpinfo expone otros detalles de configuraci\u00f3n potencialmente confidenciales que un atacante podr\u00eda aprovechar para recopilar informaci\u00f3n sobre el sistema. Por lo tanto, incluso si ownCloud no se ejecuta en un entorno en contenedores, esta vulnerabilidad deber\u00eda ser motivo de preocupaci\u00f3n. Tenga en cuenta que los contenedores Docker anteriores a febrero de 2023 no son vulnerables a la divulgaci\u00f3n de credenciales."}], "lastModified": "2024-09-05T13:30:10.023", "cisaActionDue": "2023-12-21", "cisaExploitAdd": "2023-11-30", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:graph_api:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4FB1ADA-F2C3-4632-A5ED-36BCE73CDA96"}, {"criteria": "cpe:2.3:a:owncloud:graph_api:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B2F54D9-20AF-4161-8104-CD80A3D39BB0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "ownCloud graphapi Information Disclosure Vulnerability"}