Lucene search

GitHub_MCVELIST:CVE-2021-21245

HistoryJan 15, 2021 - 8:10 p.m.

CVE-2021-21245 Pre-Auth Arbitrary File Upload

2021-01-1520:10:52

CWE-434

GitHub_M

www.cve.org

onedev

arbitrary file upload

pre-auth

security issue

webshell

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (request.getInputStream()) to a user specified location (request.getHeader("File-Name")). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.

CNA Affected

[
  {
    "product": "onedev",
    "vendor": "theonedev",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.0.3"
      }
    ]
  }
]

References

github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb

github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

Related for CVELIST:CVE-2021-21245