Post-Auth Unsafe Deserialization on BasePage (AJAX)

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to `post-auth RCE` This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

输出中的特殊元素转义处理不恰当(注入)

Theonedev Onedev 代码问题漏洞

Theonedev Onedev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能，帮助开发者构建一个简单、功能强大的开发平台。 OneDev before version 4.0.3 存在代码问题漏洞，该漏洞源于未正确限制来自未授权角色的资源访问。

N/A

N/A