Every CVE whose affected-product data names Onedev Project Onedev, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-21243 — CVSS 10.0 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize…
CVE-2021-21244 — CVSS 10.0 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side…
CVE-2021-21245 — CVSS 10.0 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data…
CVE-2021-21242 — CVSS 10.0 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth…
CVE-2022-39206 — CVSS 9.9 (critical): Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g…
CVE-2021-21249 — CVSS 9.6 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to…
CVE-2021-21247 — CVSS 9.6 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener…
CVE-2021-21248 — CVSS 9.6 (critical): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint…
CVE-2022-39205 — CVSS 9.0 (critical): Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take…
CVE-2022-38301 — CVSS 8.8 (high): Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a…
CVE-2021-21246 — CVSS 8.6 (high): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make…
CVE-2023-24828 — CVSS 8.1 (high): Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and…
CVE-2021-21251 — CVSS 7.7 (high): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead…
CVE-2021-21250 — CVSS 7.7 (high): OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file…
CVE-2022-39208 — CVSS 7.5 (high): Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can…
CVE-2024-45309 — CVSS 7.5 (high): OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read…
CVE-2022-39207 — CVSS 5.4 (medium): Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for…
CVE-2021-32651 — CVSS 3.1 (low): OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior…