Three critical vulnerabilities currently plague the open-source file-sharing software ownCloud. The most serious bug impacts Graph API versions 0.2.0 to 0.3.0 and enables unauthenticated users to access the PHP environment’s configuration details. This environment contains admin passwords, mail server credentials, and license keys. A second vulnerability is an authentication bypass in the WebDAV API, which allows unauthenticated users to modify and delete files under default settings. The final bug affects oauth2 app versions older than 0.6.1 and enables attackers to redirect callbacks to their own top-level domains.
Read More:
