漏洞标题
基础页面(AJAX)上的后授权不安全反序列化
漏洞描述信息
基础页面(AJAX)上的后授权不安全反序列化
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Post-Auth Unsafe Deserialization on BasePage (AJAX)
漏洞描述信息
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to `post-auth RCE` This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
漏洞类别
输出中的特殊元素转义处理不恰当(注入)
漏洞标题
Theonedev Onedev 代码问题漏洞
漏洞描述信息
Theonedev Onedev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能,帮助开发者构建一个简单、功能强大的开发平台。 OneDev before version 4.0.3 存在代码问题漏洞,该漏洞源于未正确限制来自未授权角色的资源访问。
CVSS信息
N/A
漏洞类别
代码问题