Pre-Auth Arbitrary File Upload

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

危险类型文件的不加限制上传

Theonedev Onedev 代码问题漏洞

Theonedev Onedev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能，帮助开发者构建一个简单、功能强大的开发平台。 Theonedev Onedev before version 4.0.3 存在代码问题漏洞，该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。攻击者可利用该漏洞任意的文件上传。

N/A

N/A