OpenCloud Reva Public Link Scope Bypass Vulnerability in gRPC Authorization Middleware
Vulnerability
A vulnerability in the gRPC authorization middleware of the OpenCloud Reva component, present in versions prior to 2.42.3 and 2.40.3, allows malicious users to bypass scope verification on public links. The bypass is exploitable through the 'archiver' service, which can be used to create an archive containing all resources accessible to the public link creator. Public link shares are supposed to be limited to specific resources, but the authorization middleware fails to enforce these restrictions properly. Notably, this issue cannot be exploited through standard WebDAV requests.
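The kind of check this paragraph says was not enforced, as an added illustration that is not Reva's code and does not reproduce the bug or its fix: a deny-by-default scope verifier for a public-link token, in which every resource a request names must lie under the shared resource. The names `Scope`, `StatRequest`, `ArchiveRequest` and `VerifyScope`, and all paths, are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// Scope is a hypothetical public-link scope: the one resource the link shares.
type Scope struct{ SharedPath string }

// Hypothetical request types; the real gRPC messages differ.
type StatRequest struct{ Path string }
type ArchiveRequest struct{ Paths []string }

var ErrOutOfScope = errors.New("request outside public link scope")

// within reports whether p is the shared resource or a descendant of it.
func within(s Scope, p string) bool {
	root := path.Clean("/" + s.SharedPath)
	p = path.Clean("/" + p) // collapses "..", so traversal cannot escape root
	return p == root || strings.HasPrefix(p, strings.TrimSuffix(root, "/")+"/")
}

// VerifyScope denies unknown request types and any request naming a resource outside the scope.
func VerifyScope(s Scope, req interface{}) error {
	var paths []string
	switch r := req.(type) {
	case *StatRequest:
		paths = []string{r.Path}
	case *ArchiveRequest:
		paths = r.Paths
	default:
		return ErrOutOfScope // never fall through to "allow"
	}
	if len(paths) == 0 || s.SharedPath == "" {
		return ErrOutOfScope // an empty selector or scope must not mean "everything"
	}
	for _, p := range paths {
		if !within(s, p) {
			return ErrOutOfScope
		}
	}
	return nil
}

func main() {
	s := Scope{SharedPath: "/users/alice/shared"} // constructed sample data
	fmt.Println(VerifyScope(s, &ArchiveRequest{Paths: []string{"/users/alice/shared/a.txt"}}))
	fmt.Println(VerifyScope(s, &ArchiveRequest{Paths: []string{"/users/alice/private"}}))
}
```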
Impact
Exploiting this vulnerability gives unauthorized access to resources beyond the intended scope of a public link: a user can create an archive of all resources accessible to the public link creator.
Remediation
Users can update to OpenCloud Reva version 2.40.3 or 2.42.3, depending on their current version. For specific guidance on mitigating this vulnerability in an OpenCloud deployment, refer to the OpenCloud Advisory.
