OwnCloud Vulnerability

Just throwing this in here:

“At the time of writing this, NextCloud has patched the authentication bypass vulnerability, while OwnCloud has chosen not to.”

@izzle @JoshData Verified Nextcloud already have patched this vulnerability in their current Nextcloud 10.0.1 package downloaded and installed 3 days ago. Thanks for reporting that.

  • The down side of that is that we still have Owncloud running within Miab even if not currently using It.

It appears that this only affects the enterprise version of owncloud, not the free/open source version included in MIAB. The FOSS version doesn’t include a feature (that I know of) for mounting SMB shares, but the enterprise one does (along with integration with several other storage providers). Sad that they’ve neglected this vulnerability, but it doesn’t look like it’ll affect anyone here.

For reference: https://github.com/mail-in-a-box/mailinabox/issues/978