heinlein opencloud_reva CVE Vulnerabilities (1)

CVEs: 1 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting heinlein opencloud_reva (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-23989 REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to create an archive (zip or tar-file) containing all resources that this creator of the public link has access to. This vulnerability is fixed in 2.42.3 and 2.40.3. [email protected] 8.2 0.27% 2026-02-06 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence