Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-21246— Pre-Auth Access token leak

CVSS 8.6 · High EPSS 24.88% · P96
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-21246

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Pre-Auth Access token leak
Source: NVD (National Vulnerability Database)
Vulnerability Description
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/{id}` endpoint there are no security checks enforced so it is possible to retrieve arbitrary user details including their Access Tokens! These access tokens can be used to access the API or clone code in the build spec via the HTTP(S) protocol. It has permissions to all projects accessible by the user account. This issue may lead to `Sensitive data leak` and leak the Access Token which can be used to impersonate the administrator or any other users. This issue was addressed in 4.0.3 by removing user info from restful api.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Theonedev Onedev 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Theonedev Onedev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能,帮助开发者构建一个简单、功能强大的开发平台。 Theonedev Onedev before version 4.0.3 存在信息泄露漏洞,攻击者可利用该漏洞访问敏感数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
theonedevonedev < 4.0.3 -

II. Public POCs for CVE-2021-21246

#POC DescriptionSource LinkShenlong Link
1OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/{id}, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21246.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-21246

登录查看更多情报信息。

Same Patch Batch · theonedev · 2021-01-15 · 10 CVEs total

CVE-2021-2124210.0 CRITICALPre-Auth Unsafe Deserialization on AttachmentUploadServet
CVE-2021-2124310.0 CRITICALPre-Auth Unsafe Deserialization on KubernetesResource
CVE-2021-2124410.0 CRITICALPre-Auth SSTI via Bean validation message tampering
CVE-2021-2124510.0 CRITICALPre-Auth Arbitrary File Upload
CVE-2021-212479.6 CRITICALPost-Auth Unsafe Deserialization on BasePage (AJAX)
CVE-2021-212489.6 CRITICALPost-Auth Arbitrary Code execution via Groovy script injection
CVE-2021-212499.6 CRITICALPost-Auth Unsafe Yaml deserialization
CVE-2021-212507.7 HIGHPost-Auth External Entity Expansion (XXE)
CVE-2021-212517.7 HIGHZipSlip Arbitrary File Upload

IV. Related Vulnerabilities

Same product: onedev
Same vendor: theonedev
Same weakness: CWE-862

V. Comments for CVE-2021-21246

No comments yet

Leave a comment