hackerone | Systemkeeper | H1:1767503
History: Nov 08, 2022 - 10:00 p.m.

Nextcloud: Reference caching can leak data to unauthorized users

2022-11-08 22:00:44
systemkeeper
hackerone.com
9
nextcloud
caching
security

0.001 Low

EPSS

Percentile

20.3%

Summary:

The ReferenceManager uses a cache to store information about previously accessed references. The used cachePrefix in deck (see here) is independent of the user. If User1 has access to a deck card and the reference data is stored in the cache, any user with knowledge of the boardId/cardId can access the information of that deck card.

Steps To Reproduce:

  1. User1 has a deck card and shares the link in a Talk conversation.
  2. Any user of that conversation (or with knowledge of the link) is able to see the deck card, if the call to the reference provider was done for User1 before.

Supporting Material/References:

User “Admin”:
{F2025386}

User “Test”:
{F2025389}

Impact

I think the impact should be minimal, because multiple things need to happen to leak information (the reference needs to be cached, another user needs to know the url, etc.).
The GitHub integration uses the userId as a cachePrefix, so this shouldn’t be an issue in that case, see here.
I haven’t looked at other reference providers.
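
The following is an added example, not part of the original report and not code from Nextcloud or the Deck app. It is a simplified model of the behaviour described above: the permission check runs only on a cache miss, so a cache prefix that ignores the user serves the first user's result to everyone, while a per-user prefix partitions the entries. All class names, method names and sample data are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model of a reference cache. Names are hypothetical and do not
// reproduce Nextcloud's ReferenceManager or the Deck reference provider.
final class CardStore {
    // Constructed sample data: card 42 is visible to "admin" only.
    private array $cards = [
        42 => ['title' => 'Constructed sample card', 'allowed' => ['admin']],
    ];

    public function fetch(int $cardId, string $userId): ?array {
        $card = $this->cards[$cardId] ?? null;
        if ($card === null || !in_array($userId, $card['allowed'], true)) {
            return null; // access denied or unknown card
        }
        return ['title' => $card['title']];
    }
}

final class ReferenceCache {
    private array $cache = [];

    public function __construct(private CardStore $store, private bool $perUser) {}

    private function cachePrefix(string $userId): string {
        // Shared prefix: every user maps to the same cache entry.
        // Per-user prefix: entries are partitioned by the requesting user.
        return $this->perUser ? $userId : '';
    }

    public function resolve(int $boardId, int $cardId, string $userId): ?array {
        $key = md5($this->cachePrefix($userId)) . '-' . md5("$boardId/$cardId");
        if (!array_key_exists($key, $this->cache)) {
            // The store's permission check is reached only on a cache miss.
            $this->cache[$key] = $this->store->fetch($cardId, $userId);
        }
        return $this->cache[$key];
    }
}

foreach (['shared prefix' => false, 'per-user prefix' => true] as $label => $perUser) {
    $refs = new ReferenceCache(new CardStore(), $perUser);
    $refs->resolve(1, 42, 'admin');          // authorized user warms the cache
    $seen = $refs->resolve(1, 42, 'test');   // second user opens the same link
    printf("%-16s user 'test' sees: %s\n", $label, $seen === null ? 'nothing' : $seen['title']);
}
```

The same review question applies to any reference provider whose resolved data depends on the requesting user: either the user identity is part of the cache prefix, or access is re-checked on every cache hit.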
