CyberSec.Space Logo
Back to CVE Browser

CVE-2021-21245

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile13.40th
PublishedJan 15, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.

Affected Platforms (CPE)

πŸ“¦
Onedev Project

Onedev

< 4.0.3

References & Advisories

πŸ”— https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb
πŸ”— https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9
πŸ”— https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb
πŸ”— https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9

Related Vulnerabilities

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...

CVE-2021-2124210.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-a...

CVE-2021-212479.6

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listen...