ownCloud security vulnerability and Google Drive missing files explained

by | Dec 1, 2023 | WordPress news

It’s been quite the week for cloud storage providers hitting the headlines, particularly Google Drive and ownCloud. If you use either vendor to store your important files or your WordPress backups, you should read on… 

Google Drive missing files issue

Google has acknowledged that a ‘limited subset of Drive for desktop users’ have been affected by recent disappearing files. 

The issue started with more than a few users complaining of missing data on Google’s Support hub. Google is investigating, but for now the advice is:

  • Do not click “Disconnect account” within Drive for desktop
  • Do not delete or move the app data folder:
    • Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
    • macOS: ~/Library/Application Support/Google/DriveFS 

This article from Ars explores what the issue might be.

I use UpdraftPlus to back up my WordPress site to Google Drive – Could I be affected?

Chances are slim, but if you do use Drive for desktop it’s worth checking Google Drive in your browser to make sure that your backup files are still there. 

If you have any concerns, you can back up to another cloud provider in just a couple of clicks. 

UpdraftPlus supports lots of cloud storage options (possibly more than any other WordPress backup plugin) including Dropbox, Amazon S3, Rackspace, Dreamobjects and Openstack Swift.

If you use UpdraftPlus Premium you may like to ‘back up your backups’ by selecting more than one remote storage location under settings. Back up to any of the locations included in ‘free’ or to Microsoft OneDrive, SFTP, Azure, WebDAV, SCP, Google Cloud, Backblaze or pCloud. 

ownCloud security vulnerability – Microsoft Graph API

ownCloud last week disclosed a security vulnerability, rated on the Common Vulnerability Scoring System (CSVV) as a 10/10. The vulnerability affects a Microsoft Graph API (graphapi) within ownCloud. 

The graphapi app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).”

And therein lies the problem. phpinfo may contain sensitive data such as login credentials which could then be exploited. 

Users of graphapi 0.2.0 – 0.3.0 should delete the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php

Then change the following:

  • Your ownCloud admin password
  • The mail server credentials
  • Database credentials
  • Object-Store/S3 access-key

The complete disclosure from ownCloud can be found here.

UpdraftPlus is a plugin for WordPress that enables you to back up and protect your WordPress website(s) in just a couple of clicks. You can even migrate to a new web host or URL in minutes! Download it for free from the WordPress directory or buy the premium plugin for even more features. UpdraftPlus is rated 5/5 stars in the WordPress directory and on TrustPilot and is actively installed on more than 3 million WordPress websites,

twitterlinkedinFacebook

About the author

headshot-becks-faulkner-seo-manager

Rebecca Faulkner

Becks is the SEO Manager at Updraft WP Software Ltd. She has specialised in search engine marketing for over 11 years. Her background spans various industries, with a primary focus in financial and tech sectors. She is driven by her passion for enhancing organic visibility with holistic SEO strategies.