1 results (0.001 seconds)
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45309 – OneDev vulnerable to arbitrary file reading for unauthenticated user
https://notcve.org/view.php?id=CVE-2024-45309
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9. • https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •