CVE-2021-21247
CVE-2021-21247 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. EPSS estimates a 1.50% chance of exploitation in the next 30 days.
Description
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. The listener can be reached by submitting a POST request to any page. This issue may lead to post-authentication RCE. The endpoint is subject to authentication and therefore requires a valid user account to carry out the attack. This issue was addressed in 4.0.3 by encrypting the serialization payload with secrets known only to the server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Onedev Project | Onedev | < 4.0.3 |
References
- https://github.com/theonedev/onedev/security/advisories/GHSA-6pxf-75cf-vwjp (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-21247?
How severe is CVE-2021-21247?
How do I fix CVE-2021-21247?
Are you affected by CVE-2021-21247?
Source: NVD / NIST
