In the News: Critical ownCloud bug ‘actively exploited’ after disclosure
Published originally on November 29, 2023 on SC Magazine.

A critical security flaw in the ownCloud file-sharing service is being “actively exploited” days after its disclosure.

The vulnerability, tracked as CVE-2023-49103, is classified as an information disclosure bug and holds a maximum CVSS severity score of 10. Victims risk leakage of sensitive data, including passwords and other credentials tied to the flaw in ownCloud’s graphapi app, according a security bulletin posted last Tuesday.

Ashley Leonard, CEO of endpoint and vulnerability management company Syxsense, told SC Media that ownCloud took the right tack by promptly disclosing the flaw.

“Transparency can enhance confidence in the company: secrecy and ‘security by obscurity’ hasn’t worked generally (look where we are), so taking an approach to being more open about vulnerabilities and how to fix them should be significant,” Leonard said.

Read the full story on SC Magazine..

Recent Posts

Topics

Related Posts

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

April 17, 2024
In the News: Why 92% of Security Professionals Worry About Generative AI

In the News: Why 92% of Security Professionals Worry About Generative AI

April 16, 2024
In the News: Let’s Celebrate World Backup Day 2024 – Hear From Industry Experts

In the News: Let’s Celebrate World Backup Day 2024 – Hear From Industry Experts

March 29, 2024
In the News: Navigating the new landscape: Understanding and implementing NIST CSF 2.0

In the News: Navigating the new landscape: Understanding and implementing NIST CSF 2.0

March 27, 2024