OpenCloud · Reva · CVE-2026-23989
**Name of the Vulnerable Software and Affected Versions**
REVA versions prior to 2.40.3
REVA versions prior to 2.42.3
**Description**
A flaw exists in the gRPC authorization middleware of the "Reva" component of OpenCloud. It allows a malicious user to bypass the scope verification of a public link. By exploiting this through the "archiver" service, an attacker can create an archive (zip or tar file) containing all resources accessible to the creator of the public link. The issue is not exploitable via WebDAV requests.
**Recommendations**
Update to REVA version 2.40.3 or later.
Update to REVA version 2.42.3 or later.