Security researchers are actively monitoring what appears to be the widespread exploitation of a critical security vulnerability affecting ownCloud, a widely utilized open-source file-sharing server application. This vulnerability, with a severity rating of 10, allows attackers to gain complete control over servers running ownCloud.
ownCloud officials issued a warning last week, stating that the vulnerability enables malicious actors to acquire passwords and cryptographic keys, ultimately granting them administrative control over a vulnerable server through a straightforward web request to a static URL. Within four days of the disclosure on November 21, security experts at Greynoise reported observing instances of “mass exploitation” in their honeypot servers. These servers simulated vulnerable ownCloud instances to track attempts to exploit the vulnerability. The number of IP addresses sending these exploitative web requests has steadily increased since then, reaching 13 at the time of this post on Ars.
“We’re seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we’ve seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”
