CVE-2023-49105 ownCloud Vulnerability

Server configuration

Operating system :

CentOS Linux release 7.9.2009 (Core)

Web server:

Server version: Apache/2.4.6 (CentOS)
Server built: Nov 16 2020 16:18:20


MySQL: 8.0.26

PHP version:

PHP 7.4.33 (cli)

ownCloud version: (see ownCloud admin page)

10.8.0 (stable)

The vulnerability CVE-2023-49105 was discovered and OwnCloud version 10.06-10.13 was published. The problem is, the fact that our production server on which OwnCloud is installed includes many of its own improvements and software solutions, and a simple update of OwnCloud to version 10.14 is not possible. Can anyone tell me what solutions there are to eliminate this vulnerability? Maybe some minor update, patch? Maybe something can be fixed in the program code, in the files? Thanks in advance for your answers

There were a couple of serious issues, we can only recommend to go to the newest version. Not sure what would prevent that on CentOS 7 … as long as you still have maintenance for the OS after June 30th …