Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
onedev project onedev vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarU...
Onedev Project Onedev
NA
CVE-2022-39205
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev before 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git ...
Onedev Project Onedev
NA
CVE-2022-39206
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to cont...
Onedev Project Onedev
NA
CVE-2022-39207
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the w...
Onedev Project Onedev
NA
CVE-2022-39208
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosu...
Onedev Project Onedev
4.3
CVSSv2
CVE-2021-32651
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection...
Onedev Project Onedev
NA
CVE-2022-38301
Onedev v7.4.14 contains a path traversal vulnerability which allows malicious users to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.
Onedev Project Onedev 7.4.14
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2