Heise.de: Cloud-Computing-Software ownCloud und Nextcloud angreifbar


Can someone from OC core team comment on this?
Any patches for Graph API and WebDAV API ?

Updates and fixes are available for all published CVEs. Otherwise we would not make those available. Subscription customers have an early warning period.
Depending on your update method the deletion of the graphAPI files might still be needed, thats why we recommend for admins to double-check. ownCloud security policies and information
Newest graphAPI app is here: Graph API app | ownCloud Marketplace
Today we released 10.13.3 with additional fixes.
We recommend to run only the latest ownCloud Server versions.

1 Like

@hodyroff: as a partner of your company, I run ownCloud for some years and have knowledge about general rules for security and updates :smile:

Maybe someone can add a reference at Marketplace to the CVSS and the info, that this one is already fixed with 0.3.1. The article at heise.de (and especially this author Dennis Schirrmacher) tries to create the impression that “Nexcloud is save” and “Owncloud is unsave” which is simply bullshit.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.