CNNVD-202602-972 Information

CNNVD ID

CNNVD-202602-972

Related CVE

CVE-2026-23989

• CNNVD Published: 2026-02-06

Description (Chinese)

REVA是OpenCloud开源的一个数据平台软件。 REVA 2.42.3之前版本和2.40.3之前版本存在安全漏洞，该漏洞源于GRPC授权中间件存在范围验证绕过，可能导致创建包含所有可访问资源的存档。

Description (English)

REVA is an OpenCloud open source data platform software. There is a security loophole in the previous version of REVA 2.42.3 and the previous version of 2.40.3, which stems from the fact that the scope verification of the GRPC authorized intermediate bypasses and may lead to the creation of an archive containing all available resources.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenCloud

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1 https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg

Patch

https://github.com/opencloud-eu/reva/releases