Lucene search

GitHub_MCVELIST:CVE-2021-21250

HistoryJan 15, 2021 - 8:10 p.m.

CVE-2021-21250 Post-Auth External Entity Expansion (XXE)

2021-01-1520:10:21

CWE-538

GitHub_M

www.cve.org

onedev

xxe

xml

file read

vulnerability

4.0.3

security issue

arbitrary

yaml

oob

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

31.0%

JSON

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file.

CNA Affected

[
  {
    "product": "onedev",
    "vendor": "theonedev",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.0.3"
      }
    ]
  }
]

References

github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f

github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

31.0%

JSON

Related for CVELIST:CVE-2021-21250