The Forgotten ownCloud vulnerability (CVE-2023-49105)

This report analyzes CVE-2023-49105 in ownCloud, an authentication bypass where the Signed URL Verifier uses an empty per-user signing-key (default) allowing attackers to craft valid OC-Signature values and read or list arbitrary user files; the authors present code-level analysis, a proof-of-concept signing procedure with curl examples, and recommend applying the available patch.