onedev — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in onedev, with AI-generated Chinese analysis, references, and POCs.

Vendor: theonedev

CVE ID	Title	CVSS	Severity	Published
CVE-2024-45309	OneDev vulnerable to arbitrary file reading for unauthenticated user CWE-200	7.5^AI	High^AI	2024-10-21
CVE-2023-24828	Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev CWE-338	8.1	High	2023-02-07
CVE-2022-39206	CI/CD Docker Escape in OneDev CWE-610	9.9	Critical	2022-09-13
CVE-2022-39207	Persistent XSS in OneDev CWE-79	5.4	Medium	2022-09-13
CVE-2022-39208	Git Repository Disclosure in Onedev CWE-552	7.5	High	2022-09-13
CVE-2022-39205	Access Control Bypass in Onedev CWE-287	9.0	Critical	2022-09-13
CVE-2021-32651	LDAP injection via OneDev may leak some LDAP directory information CWE-90	3.1	Low	2021-06-01
CVE-2021-21245	Pre-Auth Arbitrary File Upload CWE-434	10.0	Critical	2021-01-15
CVE-2021-21246	Pre-Auth Access token leak CWE-862	8.6	High	2021-01-15
CVE-2021-21247	Post-Auth Unsafe Deserialization on BasePage (AJAX) CWE-74	9.6	Critical	2021-01-15
CVE-2021-21249	Post-Auth Unsafe Yaml deserialization CWE-74	9.6	Critical	2021-01-15
CVE-2021-21248	Post-Auth Arbitrary Code execution via Groovy script injection CWE-74	9.6	Critical	2021-01-15
CVE-2021-21250	Post-Auth External Entity Expansion (XXE) CWE-538	7.7	High	2021-01-15
CVE-2021-21251	ZipSlip Arbitrary File Upload CWE-22	7.7	High	2021-01-15
CVE-2021-21242	Pre-Auth Unsafe Deserialization on AttachmentUploadServet CWE-74	10.0	Critical	2021-01-15
CVE-2021-21243	Pre-Auth Unsafe Deserialization on KubernetesResource CWE-74	10.0	Critical	2021-01-15
CVE-2021-21244	Pre-Auth SSTI via Bean validation message tampering CWE-74	10.0	Critical	2021-01-15

All 17 known CVE vulnerabilities affecting onedev with full Chinese analysis, references, and POCs where available.