OneDev Project OneDev 7.4.14

CPE Details

OneDev Project OneDev 7.4.14
onedev_project
onedev
7.4.14
2022-09-15
13h05 +00:00
2022-09-15
14h17 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:onedev_project:onedev:7.4.14:*:*:*:*:*:*:*

Informations

Vendor

onedev_project

Product

onedev

Version

7.4.14

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45309 2024-10-21 14h55 +00:00 OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.
8.7
Haute
CVE-2023-24828 2023-02-07 23h25 +00:00 Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability.
8.8
Haute
CVE-2022-38301 2022-09-14 18h13 +00:00 Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.
8.8
Haute