CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

167 matches found

Vulnrichment•added 2022/09/13 6:50 p.m.•7 views

CVE-2022-39207 Persistent XSS in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...

5.4CVSS5.9AI score0.00525EPSS

Exploits1References3

Cvelist•added 2022/09/13 6:42 p.m.•13 views

CVE-2022-39208 Git Repository Disclosure in Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability...

7.5CVSS7.5AI score0.01087EPSS

Exploits1References3

Vulnrichment•added 2022/09/13 6:42 p.m.•6 views

CVE-2022-39208 Git Repository Disclosure in Onedev

7.5CVSS7.5AI score0.01087EPSS

Exploits1References3

CVE•added 2022/09/13 6:42 p.m.•53 views

CVE-2022-39208

Onedev CVE-2022-39208 is a file-disclosure vulnerability where all files under /opt/onedev/sites/ are readable by unauthenticated users, enabling leakage of project data (including bare git repos and build artifacts). Root cause is exposure of the /opt/onedev/sites/ directory; attackers could enu...

7.5CVSS7.3AI score0.01087EPSS

Exploits1References3Affected Software1

OSV•added 2022/09/13 6:42 p.m.•10 views

CVE-2022-39208 Git Repository Disclosure in Onedev

7.5CVSS7.2AI score0.01087EPSS

Exploits1References5

Cvelist•added 2022/09/13 6:30 p.m.•15 views

CVE-2022-39205 Access Control Bypass in Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...

9CVSS9.9AI score0.0316EPSS

Exploits1References4

CVE•added 2022/09/13 6:30 p.m.•64 views

CVE-2022-39205

Onedev (open source Git server) has a critical remote issue in versions prior to 7.3.0 where unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint (meant to be localhost-restricted) relies on the X-Forwarded-F...

9.8CVSS9.6AI score0.0316EPSS

Exploits1References4Affected Software1

OSV•added 2022/09/13 6:30 p.m.•8 views

CVE-2022-39205 Access Control Bypass in Onedev

9CVSS9.2AI score0.0316EPSS

Exploits1References6

Vulnrichment•added 2022/09/13 6:30 p.m.•2 views

CVE-2022-39205 Access Control Bypass in Onedev

9CVSS9.9AI score0.0316EPSS

Exploits1References4

CNNVD•added 2022/09/13 12:0 a.m.•1 views

Theonedev Onedev 授权问题漏洞

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An authorization issue...

9.8CVSS8.3AI score0.0316EPSS

Exploits1References5

CNNVD•added 2022/09/13 12:0 a.m.•1 views

Theonedev Onedev 安全漏洞

7.5CVSS7.3AI score0.01087EPSS

Exploits1References4

Positive Technologies•added 2022/09/13 12:0 a.m.•2 views

PT-2022-24808 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains al...

7.5CVSS7.3AI score0.01087EPSS

Exploits1References6

CNNVD•added 2022/09/13 12:0 a.m.•3 views

Theonedev Onedev 跨站脚本漏洞

5.4CVSS5.5AI score0.00525EPSS

Exploits1References4

CNNVD•added 2022/09/13 12:0 a.m.•1 views

Theonedev Onedev 授权问题漏洞

9.9CVSS8.3AI score0.01049EPSS

Exploits1References4

Positive Technologies•added 2022/09/13 12:0 a.m.•2 views

PT-2022-24805 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: The issue allows unauthenticated users to take over an Onedev instance if there is no properly configured reverse proxy. The "/git-prereceive-callback" endpoint, intended for localhost access, can b...

9.8CVSS9.7AI score0.0316EPSS

Exploits1References6

NVD•added 2021/06/01 6:15 p.m.•8 views

CVE-2021-32651

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The...

4.3CVSS0.00247EPSS

Exploits1References2

OSV•added 2021/06/01 6:15 p.m.•9 views

CVE-2021-32651

4.3CVSS7.2AI score

Exploits0References2

Prion•added 2021/06/01 6:15 p.m.•15 views

Design/Logic Flaw

4.3CVSS5AI score0.00247EPSS

Exploits1References2Affected Software1

CVE•added 2021/06/01 5:15 p.m.•51 views

CVE-2021-32651

CVE-2021-32651 affects OneDev (4.4.1 and earlier) where enabling LDAP external authentication allows Blind LDAP Injection by manipulating the User Search Filter, enabling forged queries to explore the LDAP tree and potentially leak directory information. The issue is fixed in version 4.4.2; upgra...

4.3CVSS4.5AI score0.00247EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/06/01 5:15 p.m.•12 views

CVE-2021-32651 LDAP injection via OneDev may leak some LDAP directory information

3.1CVSS5.2AI score0.00247EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by