Theonedev Onedev vulnerabilities
22 known vulnerabilities affecting theonedev/onedev.
Total CVEs: 22
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 9, MEDIUM 7
Vulnerabilities
Page 2 of 2
CVE-2022-39207 [MEDIUM] CWE-79, P4, CVSS 5.4, fixed in 7.3.0, 2022-09-13
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This
nvd
CVE-2021-32651 [MEDIUM] CWE-90, P4, CVSS 4.3, versions ≤ 4.4.1, 2021-06-01
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter
nvd