Details and Caveats for ownCloud information disclosure (CVE-2023-49103)

This report analyzes CVE-2023-49103 (ownCloud Graph API information disclosure) showing how a test file calling phpinfo() can leak environment variables (including credentials) under certain configurations; it documents testing with Docker, how an htaccess RewriteRule/mod_rewrite behavior commonly prevents the exploit, conditions that make instances vulnerable (htaccess.RewriteBase unset or misconfigured), evidence of scanning in the wild, and recommends patching and monitoring.