1393 matches found
CVE-2021-21249
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default when not using SafeConstructor allows the...
CVE-2021-21242
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the Attachment-Support header. This Servlet does not enforce any authentication or...
CVE-2021-21245
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user-controlled data (request.getInputStream()) to a user-specified location (request.getHeader("File-Name")). This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
CVE-2021-21248
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...
CVE-2021-21250
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString), which processes the XML document withou...
Design/Logic Flaw
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However, for the /users/{id} endpoint there are no security checks enforced, so it is possible to retrieve...
CVE-2021-21244
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a vulnerability that enables pre-auth server-side template injection via Bean validation message tampering. Full details are in the referenced GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation...
Authorization
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue...
CVE-2021-21245
CVE-2021-21245 affects OneDev prior to 4.0.3, where AttachmentUploadServlet saves user-controlled data from the request body into a user-specified path taken from the File-Name header. This can enable arbitrary file upload and potential WebShell deployment on the OneDev server. The issue is addressed in 4.0.3 by...
CVE-2021-21246
OneDev before 4.0.3 exposes an insecure REST endpoint: GET /users/{id} lacks authorization checks, enabling retrieval of arbitrary user details and Access Tokens. This permits potential impersonation and sensitive data exposure across projects accessible by the user. The issue is fixed in version...
CVE-2021-21247
OneDev before 4.0.3 embeds an AJAX event listener (AbstractPostAjaxBehavior) on all pages except login, which decodes/deserializes the data parameter via POST. This authenticated vulnerability can be triggered by a logged-in user and may lead to post-auth RCE. The issue is mitigated in version 4....
CVE-2021-21249
CVE-2021-21249 affects OneDev prior to 4.0.3, where YAML parsing with SnakeYaml could deserialize arbitrary classes, enabling post-auth remote code execution. The root cause is unsafe deserialization when not using SafeConstructor, allowing crafted YAML to instantiate user-controlled classes (e.g...
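The SnakeYaml behaviour described in both CVE-2021-21249 entries above, shown as an added example (this is not OneDev's code): with the SnakeYaml 1.x API, a Yaml instance built with the default constructor honours any !!fully.qualified.ClassName tag and instantiates that class, while one built with SafeConstructor only knows the standard YAML types and rejects the tag. The document, the benign java.io.File tag and the class name YamlLoadDemo are constructed for this demo; run it with snakeyaml 1.x on the classpath.

```java
import java.util.Map;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;

public class YamlLoadDemo {

    // Constructed document: the explicit tag asks the loader to build a java.io.File through
    // its File(String) constructor. Any class on the classpath could be named here instead,
    // which is what turns "parse some YAML" into "instantiate attacker-chosen classes".
    static final String TAGGED_DOC = "path: !!java.io.File [\"/etc/hostname\"]\n";

    // Vulnerable shape: the default constructor resolves unknown tags via Class.forName.
    static Object loadUnsafe(String doc) {
        return new Yaml().load(doc);
    }

    // Hardened shape: SafeConstructor has no class-resolving fallback, so any tag outside the
    // YAML core schema fails with a ConstructorException instead of being instantiated.
    static Object loadSafe(String doc) {
        return new Yaml(new SafeConstructor()).load(doc);
    }

    public static void main(String[] args) {
        Map<?, ?> parsed = (Map<?, ?>) loadUnsafe(TAGGED_DOC);
        System.out.println("default constructor built a " + parsed.get("path").getClass().getName());

        try {
            loadSafe(TAGGED_DOC);
            System.out.println("unexpected: SafeConstructor accepted the tag");
        } catch (ConstructorException e) {
            System.out.println("SafeConstructor rejected it: " + e.getMessage());
        }
    }
}
```

The check to run against a codebase is therefore mechanical: every `new Yaml()` (or `new Yaml(new Constructor(...))`) that loads input an authenticated user can supply is a sink; on SnakeYaml 2.x the equivalent hardened call is `new Yaml(new SafeConstructor(new LoaderOptions()))`.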
CVE-2021-21248
CVE-2021-21248 affects OneDev before 4.0.3. The vulnerability lies in the build endpoint parameters via InputSpec, which uses dynamically generated Groovy classes; an attacker who controls job parameters can inject Groovy code, leading to arbitrary code execution through a static constructor on t...
CVE-2021-21250
OneDev prior to 4.0.3 is affected by a critical XXE in BuildSpec XML processing: XmlBuildSpecMigrator.migrate(buildSpecString) expands external entities, allowing an attacker to read arbitrary filesystem files (if their contents are dumped into YAML properties) or to exfiltrate data out of band. The flaw is mitigated ...
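The entity-expansion problem behind both CVE-2021-21250 entries above, as an added example that is not OneDev's code: a DocumentBuilderFactory left at the JDK defaults resolves the DOCTYPE and substitutes a SYSTEM entity with the file it points at, so the file contents land in whatever element the attacker put the entity in; a factory that forbids DOCTYPE (plus the usual defence-in-depth features) throws before any entity is touched. The XML document, the /etc/hostname target and the class name BuildSpecXxeDemo are constructed for the demo; point the entity at a file that exists on your machine.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class BuildSpecXxeDemo {

    // Constructed build-spec-shaped document: the DTD declares an external entity backed by a
    // local file and the body places it where the caller will read the value back.
    static final String XXE_DOC =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE buildSpec [<!ENTITY leak SYSTEM \"file:///etc/hostname\">]>\n"
      + "<buildSpec><properties><property>"
      + "<name>x</name><value>&leak;</value>"
      + "</property></properties></buildSpec>";

    // Vulnerable shape: JDK defaults load the DTD and expand external general entities.
    static DocumentBuilderFactory unsafeFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Hardened shape: refuse DOCTYPE outright; the remaining features only matter if a
    // caller later decides it must accept a DTD after all.
    static DocumentBuilderFactory safeFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parse and return the first <value> text, the same way a migrator would copy it into a property.
    static String firstValue(DocumentBuilderFactory f, String xml) throws Exception {
        DocumentBuilder builder = f.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getElementsByTagName("value").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // With the default factory the property value is the file's contents.
        System.out.println("unsafe parse, value = " + firstValue(unsafeFactory(), XXE_DOC).trim());

        try {
            firstValue(safeFactory(), XXE_DOC);
            System.out.println("unexpected: hardened parser accepted the DOCTYPE");
        } catch (SAXException e) {
            System.out.println("hardened parse refused: " + e.getMessage());
        }
    }
}
```

The second half of the advisory (out-of-band exfiltration) needs no extra parser feature to be dangerous: the same SYSTEM entity with an http:// URL makes the server fetch the URL, so forbidding DOCTYPE is the right single control rather than filtering file:// only.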
CVE-2021-21251
CVE-2021-21251 (OneDev) affects OneDev prior to version 4.0.3, where the KubernetesResource REST endpoint untars user-supplied data via TarUtils (built on Apache Commons Compress). The untar process lacks checks to prevent files from traversing the filesystem and overwriting existing files, enabl...
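CVE-2021-21245 (the File-Name header that picks the destination path) and CVE-2021-21251 (archive entries that walk out of the extraction directory) are the same bug class, so one added example covers both; it is not OneDev's TarUtils or servlet code. The containment rule is: resolve the untrusted name against the root, normalise, and refuse anything that does not stay strictly under the root, then apply that rule to the header value and to every tar entry alike, refusing link entries and never overwriting existing files. The class name ConfinedWrite, the helper names, the in-memory archive and the sample names are constructed for the demo; it needs commons-compress on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;

public class ConfinedWrite {

    // Map an untrusted name (request header or archive entry) to a path that must stay inside root.
    static Path resolveInside(Path root, String untrustedName) throws IOException {
        Path base = root.toAbsolutePath().normalize();
        Path target = base.resolve(untrustedName).normalize();   // absolute input replaces base here,
        if (!target.startsWith(base) || target.equals(base)) {    // so the startsWith check catches it too
            throw new IOException("path escapes upload root: " + untrustedName);
        }
        return target;
    }

    // Vulnerable shape of the upload servlet: the header value is used as the destination verbatim.
    // Never called from main; an "../../webapps/ROOT/shell.jsp" header lands outside root.
    static Path saveAttachmentUnsafe(Path root, String fileNameHeader, InputStream body) throws IOException {
        Path target = root.resolve(fileNameHeader);
        Files.createDirectories(target.getParent());
        Files.copy(body, target, StandardCopyOption.REPLACE_EXISTING);
        return target;
    }

    // Hardened shape: confined to root, and Files.copy without REPLACE_EXISTING refuses to overwrite.
    static Path saveAttachmentSafe(Path root, String fileNameHeader, InputStream body) throws IOException {
        Path target = resolveInside(root, fileNameHeader);
        Files.createDirectories(target.getParent());
        Files.copy(body, target);
        return target;
    }

    // Hardened untar: every entry passes the same containment check; links are refused because a
    // symlink written first would redirect a later entry outside root even though its name looks clean.
    static int untarSafe(InputStream tar, Path root) throws IOException {
        int written = 0;
        try (TarArchiveInputStream in = new TarArchiveInputStream(tar)) {
            TarArchiveEntry entry;
            while ((entry = in.getNextTarEntry()) != null) {
                Path target = resolveInside(root, entry.getName());
                if (entry.isSymbolicLink() || entry.isLink()) {
                    throw new IOException("link entries are not allowed: " + entry.getName());
                }
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                    continue;
                }
                Files.createDirectories(target.getParent());
                Files.copy(in, target);   // reads to the end of this entry only
                written++;
            }
        }
        return written;
    }

    // Constructed archive with a single traversal entry, built in memory so the demo runs offline.
    static byte[] traversalTar() throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (TarArchiveOutputStream out = new TarArchiveOutputStream(bos)) {
            byte[] payload = "overwritten".getBytes(StandardCharsets.UTF_8);
            TarArchiveEntry entry = new TarArchiveEntry("../../../tmp/owned.txt");
            entry.setSize(payload.length);
            out.putArchiveEntry(entry);
            out.write(payload);
            out.closeArchiveEntry();
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Path root = Files.createTempDirectory("attachments");
        try {
            resolveInside(root, "../../etc/cron.d/job");
        } catch (IOException e) {
            System.out.println("header rejected: " + e.getMessage());
        }
        try {
            untarSafe(new ByteArrayInputStream(traversalTar()), root);
        } catch (IOException e) {
            System.out.println("archive rejected: " + e.getMessage());
        }
        Path stored = saveAttachmentSafe(root, "docs/readme.txt",
                new ByteArrayInputStream("hello".getBytes(StandardCharsets.UTF_8)));
        System.out.println("stored at " + stored);
    }
}
```

Note that the containment check alone does not address the other half of CVE-2021-21251: the endpoint accepted the archive without authentication. Confinement limits what an upload can touch; it does not decide who may upload.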
CVE-2021-21242
CVE-2021-21242 affects OneDev before version 4.0.3. The vulnerability lies in the AttachmentUploadServlet which deserializes untrusted data from the Attachment-Support header and does not enforce authentication/authorization, enabling pre-auth remote code execution. The issue is fixed in 4.0.3 by...
CVE-2021-21244
CVE-2021-21244 affects OneDev before version 4.0.3. A pre-auth server-side template injection occurs via tampering with Bean validation messages. The root cause is that tampered validation message text reaches the message interpolator, which evaluates it. The issue was fixed in 4.0.3 by disa...
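The message-interpolation problem behind both CVE-2021-21244 entries, as an added example that is not OneDev's code: a custom ConstraintValidator that builds its violation template from the rejected value hands that value to the Bean Validation interpolator, and with Hibernate Validator's default interpolator any ${...} in it is evaluated as Expression Language. Swapping in ParameterMessageInterpolator, which resolves only {parameter} references and never evaluates EL, is the "disable interpolation" style of fix the advisory describes. The constraint, the validator, the probe string and the class name ValidationInterpolationDemo are constructed for the demo; it assumes an older Hibernate Validator 6.x release (plus an EL implementation on the classpath) in which custom violation templates are still EL-interpolated by default, since newer releases turn that off on their own.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Set;
import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.ConstraintViolation;
import javax.validation.Payload;
import javax.validation.Validation;
import javax.validation.Validator;
import org.hibernate.validator.messageinterpolation.ParameterMessageInterpolator;

public class ValidationInterpolationDemo {

    // A custom constraint whose validator echoes the rejected value into the violation message.
    @Target(ElementType.FIELD)
    @Retention(RetentionPolicy.RUNTIME)
    @Constraint(validatedBy = EchoingValidator.class)
    public @interface SafeName {
        String message() default "invalid name";
        Class<?>[] groups() default {};
        Class<? extends Payload>[] payload() default {};
    }

    public static class EchoingValidator implements ConstraintValidator<SafeName, String> {
        @Override
        public boolean isValid(String value, ConstraintValidatorContext ctx) {
            if (value == null || value.matches("[A-Za-z0-9_-]+")) {
                return true;
            }
            ctx.disableDefaultConstraintViolation();
            // Vulnerable shape: the user's value becomes part of the *template*, so anything
            // that looks like ${...} inside it is treated as an expression, not as text.
            ctx.buildConstraintViolationWithTemplate("Name '" + value + "' is not allowed")
               .addConstraintViolation();
            return false;
        }
    }

    public static class Bean {
        @SafeName
        String name;

        Bean(String name) {
            this.name = name;
        }
    }

    static String firstMessage(Validator validator, String name) {
        Set<ConstraintViolation<Bean>> violations = validator.validate(new Bean(name));
        return violations.iterator().next().getMessage();
    }

    // Provider defaults: the standard interpolator evaluates ${...} as Expression Language.
    static Validator defaultValidator() {
        return Validation.buildDefaultValidatorFactory().getValidator();
    }

    // Hardened: ParameterMessageInterpolator substitutes {parameters} only and has no EL path at all.
    static Validator noElValidator() {
        return Validation.byDefaultProvider().configure()
                .messageInterpolator(new ParameterMessageInterpolator())
                .buildValidatorFactory()
                .getValidator();
    }

    public static void main(String[] args) {
        // Constructed probe: an expression with a visible, side-effect-free result.
        String probe = "${7*191}";
        System.out.println("default interpolator : " + firstMessage(defaultValidator(), probe));
        System.out.println("parameter-only       : " + firstMessage(noElValidator(), probe));
    }
}
```

When the message text is visible to an unauthenticated caller (a form that echoes validation errors back), this is the pre-auth path the advisory describes; the interpolator swap closes it globally, while rewriting each validator to use a fixed template closes it one constraint at a time.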