Vulnerability Information
Vulnerability Title
REVA Public Link Exploit
Vulnerability Description
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the gRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. When exploited via the "archiver" service, this can be leveraged to create an archive (zip or tar file) containing all resources that the creator of the public link has access to. This vulnerability is fixed in 2.42.3 and 2.40.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
Incorrect Authorization
Vulnerability Title
REVA Security Vulnerability
Vulnerability Description
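REVA is an open-source data platform software from OpenCloud. REVA versions prior to 2.42.3 and prior to 2.40.3 contain a security vulnerability that stems from a scope verification bypass in the gRPC authorization middleware and may lead to the creation of an archive containing all accessible resources.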
CVSS Information
N/A
Vulnerability Type
N/A