CVE-2023-49103 04 and 05 (OwnCloud) - CVSS Risk score 10

For everyone’s awareness of this new very high risk.

From this article (first link below) I could not find the file (GetPhpInfo.php) they suggested to mitigate this in the interim while they are working on a permanent fix. - But perhaps I used the find . -name command wrong or something, so I wanted to make sure others who are smarter than I am can check to see if we need to do something in the MIAB community.

I checked my server yesterday for evidence that MiaB is vulnerable and could find none. Furthermore, I did find nginx log entries that showed attempts to exploit this vuln, but all received a 404 response, so I do not believe we are vulnerable.

1 Like

Awesome @dms, thank you!

Mail-in-a-Box moved to Nextcloud a long time ago and Nextcloud is not affected by any of the recently reported ownCloud vulnerabilities.

1 Like

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.