
CVSS: 8.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.
References: https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access tokens and password reset keys was not cryptographically secure. Existing normal users (or everyone, if self-registration is allowed) may exploit this to elevate privilege and obtain administrator permission. This issue has been addressed in version 7.9.12. Users are advised to upgrade.
References: https://github.com/theonedev/onedev/commit/d67dd9686897fe5e4ab881d749464aa7c06a68e5 https://github.com/theonedev/onedev/security/advisories/GHSA-jf5c-9r77-3j5j
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.
References: https://github.com/theonedev/onedev/commit/5b6a19c1f7fe9c271acc4268bcd261a9a1cbb3ea https://research.loginsoft.com/vulnerability/path-traversal-in-onedev-v7-4-14
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 1

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system.
References: https://blog.sonarsource.com/onedev-remote-code-execution https://github.com/theonedev/onedev/commit/0052047a5b5095ac6a6b4a73a522d0272fec3a22 https://github.com/theonedev/onedev/security/advisories/GHSA-gjq9-4xx9-cr3q
CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML.
References: https://blog.sonarsource.com/onedev-remote-code-execution https://github.com/theonedev/onedev/commit/adb6e31476621f824fc3227a695232df830d83ab https://github.com/theonedev/onedev/security/advisories/GHSA-27fw-gv88-qrpg
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-732: Incorrect Permission Assignment for Critical Resource