CVE-2023-49103 (ownCloud):
"It seems more likely that sensitive environment variables would be present in a Docker installation, as this is a common technique used to pass secrets to a Docker container at runtime, however as we have seen, exploiting ownCloud shipped as a Docker image does not seem possible, due to either the additional rewrite rules in the .htaccess file, or the inclusion of phpinfo on the list of disabled PHP functions in certain ownCloud Docker images."
https://attackerkb.com/assessments/a2b1b41a-0a26-4226-a53b-ae72e6c65107
buherator /
npub1n3…djee0
2023-11-29 16:53:40
Author Public Key
npub1n3p6whdpmt9k8rxzcmvrs053utg662lfrgdxh7dl9t04ff8sdk7qqdjee0Published at
2023-11-29 16:53:40Event JSON
{
"id": "2baeeb6ae3db078841daad1492fb79bdfc089062419ef2b907851c4b90273da0",
"pubkey": "9c43a75da1dacb638cc2c6d8383e91e2d1ad2be91a1a6bf9bf2adf54a4f06dbc",
"created_at": 1701276820,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.place/objects/80c7865b-11be-434f-80d9-fb911df2bcd3",
"activitypub"
]
],
"content": "CVE-2023-49103 (ownCloud):\n\n\"It seems more likely that sensitive environment variables would be present in a Docker installation, as this is a common technique used to pass secrets to a Docker container at runtime, however as we have seen, exploiting ownCloud shipped as a Docker image does not seem possible, due to either the additional rewrite rules in the .htaccess file, or the inclusion of phpinfo on the list of disabled PHP functions in certain ownCloud Docker images.\"\n\nhttps://attackerkb.com/assessments/a2b1b41a-0a26-4226-a53b-ae72e6c65107",
"sig": "ba16db1ac561627da8a26b59f8f4339be5fa1b0fb5a2b1a8e2abb0f07c6e39ae53af9b94bf3daf6150995e5d74cf441bb5e50e187135755567fc032bb44c1d6a"
}