17 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. • https://github.com/theonedev/onedev/commit/d67dd9686897fe5e4ab881d749464aa7c06a68e5 https://github.com/theonedev/onedev/security/advisories/GHSA-jf5c-9r77-3j5j • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. Onedev versión v7.4.14, contiene una vulnerabilidad de salto de rutas que permite a atacantes acceder a archivos y directorios restringidos por medio de una carga de un archivo JAR diseñado en el directorio /opt/onedev/lib • https://github.com/theonedev/onedev/commit/5b6a19c1f7fe9c271acc4268bcd261a9a1cbb3ea https://research.loginsoft.com/vulnerability/path-traversal-in-onedev-v7-4-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. • https://blog.sonarsource.com/onedev-remote-code-execution https://github.com/theonedev/onedev/commit/0052047a5b5095ac6a6b4a73a522d0272fec3a22 https://github.com/theonedev/onedev/security/advisories/GHSA-gjq9-4xx9-cr3q • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. • https://blog.sonarsource.com/onedev-remote-code-execution https://github.com/theonedev/onedev/commit/adb6e31476621f824fc3227a695232df830d83ab https://github.com/theonedev/onedev/security/advisories/GHSA-27fw-gv88-qrpg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. • https://blog.sonarsource.com/onedev-remote-code-execution https://github.com/theonedev/onedev/commit/8aa94e0daf8447cdf76d4f27bfda0a85a7ea5822 https://github.com/theonedev/onedev/security/advisories/GHSA-h427-rv56-c9h2 • CWE-552: Files or Directories Accessible to External Parties •