2 matches found
CVE-2022-39205 Access Control Bypass in Onedev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...
CVE-2022-39205
Onedev (open source Git server) has a critical remote issue in versions prior to 7.3.0 where unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint (meant to be localhost-restricted) relies on the X-Forwarded-F...