ГлавнаяУязвимости → CVE-2024-45309
7.5высокая

CVE-2024-45309

Описание

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.

Затрагиваемое ПО
Onedev project Onedev
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711fhttps://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489