Summary
A user with view-only rights and no download privileges can obtain a local copy of a shared file. Although there are no corresponding buttons in the interface, pressing Ctrl+Shift+S initiates the file download process. This allows the user to bypass the access restrictions and leads to unauthorized data retrieval.
Details
Nextcloud 31
Collabora Online Development Edition 25.04.08.1
PoC
In a Nextcloud environment with integrated Collabora Online, UserA shares file A (an .xlsx spreadsheet) with UserB, granting view-only rights with downloading explicitly disabled.
For UserB:
- there is no option to download the file in the Nextcloud web interface;
- there are no “Download”, “Save as” or “Print” buttons in the Collabora Online web interface;
- the file is available for viewing only, as specified in the access settings.
However, pressing the Ctrl+Shift+S key combination in the Collabora Online web interface initiates the save (download) process for the file. As a result, UserB receives a local copy of the original file despite lacking the corresponding access rights.
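The point of the PoC is that hiding the buttons is not an access check: the keyboard shortcut dispatches the action directly, so only a server-side policy check on the export path stops it. The following is an added illustration, not code from Nextcloud or Collabora; `Share`, `Viewer`, `VulnerableServer` and `HardenedServer` are hypothetical names that model the vulnerable and the corrected behaviour.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class Share:
    file_id: str
    grantee: str
    hide_download: bool = False   # models the "hide download" option on the share

@dataclass
class Viewer:
    """Client-side UI state derived from the share; nothing here is trusted."""
    share: Share
    buttons: Set[str] = field(default_factory=set)

    def render(self) -> None:
        self.buttons = {"view"}
        if not self.share.hide_download:
            self.buttons |= {"download", "save_as", "print"}

    def shortcut(self, keys: str) -> Optional[str]:
        # Shortcuts map straight to an action and never consult the button set.
        return {"ctrl+shift+s": "save_as", "ctrl+p": "print"}.get(keys.lower())

class VulnerableServer:
    """Assumes the UI already hid the button: serves every export request."""
    def export(self, share: Share, action: str) -> bool:
        return True

class HardenedServer:
    """Re-checks the share policy for every export-type action, whatever the client."""
    EXPORT_ACTIONS = {"download", "save_as", "print"}

    def export(self, share: Share, action: str) -> bool:
        if action in self.EXPORT_ACTIONS and share.hide_download:
            return False
        return True

def attempt(server, share: Share, keys: str) -> dict:
    """Simulate a viewer pressing a shortcut and report UI state vs. outcome."""
    ui = Viewer(share)
    ui.render()
    action = ui.shortcut(keys)
    return {
        "button_visible": action in ui.buttons,
        "file_received": action is not None and server.export(share, action),
    }
```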
Impact
- Violation of access control models.
- Unauthorized distribution of confidential documents.
- Risk of data leakage in corporate and regulated environments.
- False sense of security for file owners who rely on “view only” mode.