"Old" cve-2023-49103 vulnerability

adamp · August 19, 2025, 8:52am

Hello,

At the end of May, 2025, the Polish company CERT (which operates in cybersecurity branch and monitors national network and so on) send us the below information:

"
We have received information that over the last 4 days, publicly available ownCloud services containing vulnerabilities have been identified:
ip,port,vulnerabilities
xxx.xxx.xxx.xxx,443,cve-2023-49103;owncloud;ssl

If, according to our information, you have such software, we recommend that you immediately install the latest updates released by the manufacturer, as the aforementioned vulnerability
could be used to attempt attacks on your infrastructure or your customers’ systems.
"

(Of course, they mentioned our real public IP address in their information).

After that, we reinstalled the entire installation of ownCloud to version 10.15.2.

Unfortunately, after next month CERT sent us the next information, that the vulnerability still exists.

What we can do in such situation? How to check externally, what they see in our public services?

Thanks in advance for your comments.

Adam

jvillafanez · August 19, 2025, 3:25pm

There is information in the link above. In addition, if you still need the graphapi app (which was the main cause of the issue), you need to update to the latest 0.3.1 version

adamp · August 19, 2025, 3:43pm

I disabled GraphAPI after reinstallation (when I did it at May) - but it already has version 0.3.1.

Adam

jvillafanez · August 20, 2025, 9:12am

Make sure the file mentioned in the blog post has been removed from the FS. Disabling the app might not be enough if the file is still present.
Other than following the official recommendations from the blog post, I don’t have anything else.