CVE-2021-21245 | OneDev is an all-in-one devops platform. In OneDev before ve… | CVSS 10.0 CRITICAL

Description

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.

Metadata

CVE ID: CVE-2021-21245
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2020-12-22 00:00 UTC
Published: 2021-01-15 20:10 UTC
Last updated: 2024-08-03 18:09 UTC
Primary CWE: CWE-434
CWE-434 Unrestricted Upload of File with Dangerous Type
Vendor / Product: theonedev / onedev
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
theonedev	onedev	—	< 4.0.3

Weakness (CWE)

CWE	Source	Description
CWE-434	cna	CWE-434 Unrestricted Upload of File with Dangerous Type

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

References (2)