OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file.
References
Link | Resource |
---|---|
https://github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f | Patch Third Party Advisory |
https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r | Third Party Advisory |
https://github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f | Patch Third Party Advisory |
https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 7.7 |
References | () https://github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f - Patch, Third Party Advisory | |
References | () https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r - Third Party Advisory |
Information
Published : 2021-01-15 21:15
Updated : 2024-11-21 05:47
NVD link : CVE-2021-21250
Mitre link : CVE-2021-21250
CVE.ORG link : CVE-2021-21250
JSON object : View
Products Affected
onedev_project
- onedev
CWE
CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory