Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-45309 PoC — OneDev 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-45309.yaml
Associated Vulnerability
Title:OneDev 安全漏洞 (CVE-2024-45309)
Description:OneDev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能,帮助开发者构建一个简单、功能强大的开发平台。 OneDev 11.0.9之前版本存在安全漏洞,该漏洞源于允许未经身份验证的用户读取服务器进程,从而可以访问任意文件。
Description
Files on the host computer can be accessed by directory traversal.
File Snapshot

 id: CVE-2024-45309

info:
  name: OneDev.io < 11.0.9 - Arbitrary File Read
  author: isacaya
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.