CVE-2024-45309 – OneDev vulnerable to arbitrary file reading for unauthenticated user
https://notcve.org/view.php?id=CVE-2024-45309
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.
References:
https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-24828 – Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev
https://notcve.org/view.php?id=CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access tokens and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue has been addressed in version 7.9.12. Users are advised to upgrade.
References:
https://github.com/theonedev/onedev/commit/d67dd9686897fe5e4ab881d749464aa7c06a68e5
https://github.com/theonedev/onedev/security/advisories/GHSA-jf5c-9r77-3j5j
Weakness: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2022-39206 – CI/CD Docker Escape in OneDev
https://notcve.org/view.php?id=CVE-2022-39206
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system.
References:
https://blog.sonarsource.com/onedev-remote-code-execution
https://github.com/theonedev/onedev/commit/0052047a5b5095ac6a6b4a73a522d0272fec3a22
https://github.com/theonedev/onedev/security/advisories/GHSA-gjq9-4xx9-cr3q
Weakness: CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-39207 – Persistent XSS in OneDev
https://notcve.org/view.php?id=CVE-2022-39207
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML.
References:
https://blog.sonarsource.com/onedev-remote-code-execution
https://github.com/theonedev/onedev/commit/adb6e31476621f824fc3227a695232df830d83ab
https://github.com/theonedev/onedev/security/advisories/GHSA-27fw-gv88-qrpg
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2022-39208 – Git Repository Disclosure in Onedev
https://notcve.org/view.php?id=CVE-2022-39208
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data.
References:
https://blog.sonarsource.com/onedev-remote-code-execution
https://github.com/theonedev/onedev/commit/8aa94e0daf8447cdf76d4f27bfda0a85a7ea5822
https://github.com/theonedev/onedev/security/advisories/GHSA-h427-rv56-c9h2
Weakness: CWE-552: Files or Directories Accessible to External Parties