3 matches found
CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...
CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...
CVE-2023-24828
CVE-2023-24828 affects Onedev (self-hosted Git Server with CI/CD and Kanban). The vulnerability arises from using a cryptographically weak PRNG to generate access tokens and password reset keys in versions prior to 7.9.12, which could allow normal users (or all users if self-registration is enabl...