3 matches found
CVE-2022-39207
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...
CVE-2022-39207
The CVE-2022-39207 issue affects OneDev (Onedev) Build artifacts handling. It allows XSS via artifacts saved during CI/CD, served in the UI context without additional restrictions. The underlying cause is HTML content in artifacts being rendered by browsers, enabling a session-credential theft ri...
CVE-2022-39207 Persistent XSS in OneDev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...