CVE-2021-21246— Theonedev Onedev 信息泄露漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2021-21246の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Pre-Auth Access token leak
ソース: NVD (National Vulnerability Database)
脆弱性説明
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/{id}` endpoint there are no security checks enforced so it is possible to retrieve arbitrary user details including their Access Tokens! These access tokens can be used to access the API or clone code in the build spec via the HTTP(S) protocol. It has permissions to all projects accessible by the user account. This issue may lead to `Sensitive data leak` and leak the Access Token which can be used to impersonate the administrator or any other users. This issue was addressed in 4.0.3 by removing user info from restful api.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
授权机制缺失
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Theonedev Onedev 信息泄露漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Theonedev Onedev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能,帮助开发者构建一个简单、功能强大的开发平台。 Theonedev Onedev before version 4.0.3 存在信息泄露漏洞,攻击者可利用该漏洞访问敏感数据。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2021-21246の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/{id}, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21246.yaml | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2021-21246のインテリジェンス情報
请登录查看更多情报信息。
- https://github.com/theonedev/onedev/security/advisories/GHSA-66v7-gg85-f4gxx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-21246
Same Patch Batch · theonedev · 2021-01-15 · 10 CVEs total
| CVE-2021-21242 | 10.0 CRITICAL | Pre-Auth Unsafe Deserialization on AttachmentUploadServet |
| CVE-2021-21243 | 10.0 CRITICAL | Pre-Auth Unsafe Deserialization on KubernetesResource |
| CVE-2021-21244 | 10.0 CRITICAL | Pre-Auth SSTI via Bean validation message tampering |
| CVE-2021-21245 | 10.0 CRITICAL | Pre-Auth Arbitrary File Upload |
| CVE-2021-21247 | 9.6 CRITICAL | Post-Auth Unsafe Deserialization on BasePage (AJAX) |
| CVE-2021-21248 | 9.6 CRITICAL | Post-Auth Arbitrary Code execution via Groovy script injection |
| CVE-2021-21249 | 9.6 CRITICAL | Post-Auth Unsafe Yaml deserialization |
| CVE-2021-21250 | 7.7 HIGH | Post-Auth External Entity Expansion (XXE) |
| CVE-2021-21251 | 7.7 HIGH | ZipSlip Arbitrary File Upload |
IV. 関連脆弱性
同じ弱点: CWE-862
- CVE-2021-47932
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthen - CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr - CVE-2026-42174
Kirby: User avatar creation, replacement and deletion are no - CVE-2026-42137
Kirby: `pages.access/list` and `files.access/list` permissio
V. CVE-2021-21246へのコメント
まだコメントはありません