A new critical vulnerability impacting ownCloud servers through its app graphapi 0.2.0-0.3.0 (Graph API), identified by the number CVE-2023-49103, obtains a CVSS score of 10. Stormshield Customer Security Lab team unveils Stormshield's protection offerings.


The context of the CVE-2023-49103

A new vulnerability bearing the number CVE-2023-49103 has been discovered in the following product: ownCloud app graphapi from version 0.2.0 to 0.3.0.

This vulnerability has a CVSS 3.1 score of 10, the highest possible. This flaw allows an attacker, remotely and without any authentication, to read a phpinfo file that contains many sensitive information about the local environment. Such as configuration details and user information. On containerized deployments, the situation is even worse as it also includes owncloud admin password, mail server credentials, database credentials, and licence key.


The technical details of the CVE-2023-49103

The graphapi app relies on a third-party GetPhpInfo.php library that provides a URI. When it is accessed, a page shows many details about the web server environment, that can be read without authentication,

The URI to access is the following: /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php


CVE-2023-49103 and Stormshield protections

Stormshield Network Security

The following IPS signature can detect and block exploitation of the vulnerability:

  • http:url:decoded.417 -> Exploitation of an information disclosure vulnerability in ownCloud (CVE-2023-49103)

Confidence index for the protection offered by Stormshield

Confidence index for the absence of false positives


We strongly recommend that you take the following actions :

  • Remove the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php
  • Update owncloud and graphapi app to the latest version
  • For containerized environment, change the following secrets:
    • Owncloud admin password
    • Mail server credentials
    • Database credentials
    • Object-Store/S3 access-key

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Need more information about Stormshield protection? The Technical Support teams are at your disposal to help you. Contact them through the incident manager located in the MyStormshield private area. To access it, select the menu "Technical Support / Report an incident / Track an incident".
Stormshield's Cyber Threat Intelligence team has two primary missions: to study cyber threats to understand them and to continuously improve Stormshield product protections. All with the goal of contributing to the cybersecurity community's effort to address cyber threats.
About the author
Pierre-Olivier Kaplan Stormshield Customer Security Lab Researcher

Pierre-Olivier wears many hats in the game world, alternating between game-designer and rogue. Passionate about history and computer security, he specialised in the latter after graduating from EPITA and joined the ranks of Stormshield. IRL, he eats anything with a hummus base, ideal to be in top shape and tackle the latest cyber threats.