Design/Logic Flaw

2023-02-0800:15:00

PRIOn knowledge base

www.prio-n.com

logic flaw

cryptographically insecure

privilege escalation

administrator permission

upgrade

vulnerability

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability.