Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

download do not get deleted upon deletion of referenced file - possible information leakage #5323

Open
muellefr opened this issue Dec 1, 2022 · 0 comments
Open

download do not get deleted upon deletion of referenced file - possible information leakage #5323

muellefr opened this issue Dec 1, 2022 · 0 comments
Labels
priority-medium

Comments

@muellefr
Copy link

muellefr commented Dec 1, 2022

We noticed a strange beahavior, that we consider a bug:

After deleting a file that was shared via download-link, he added a file with the same name. The newly created file was still accessible through the prior created download-link. We think, this is a bug and the download-link should get deleted with the file. Otherwise the user could leak information, without noticing.

Howto reproduce:

  • add file "test.md"
  • create download-link for "test.md"
  • delete "test.md"
  • create new file "test.md"
  • test formerly created download-link

Possible solutions:

  • check for download-links upon deletion of file or folder and delete them with the file/folder
  • use unique file-id as reference in download-links (like the internal link does)
  • ...

Thank you for looking into this!

regards
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority-medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@freeplant @muellefr