CVE-2024-45309

Oct. 21, 2024, 5:09 p.m.

Tags

security-advisories@github.com
CWE-200
2024-10-21
CVE-2024-45309

Product(s) Impacted

OneDev

  • before 11.0.9

Description

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.

Weaknesses

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE ID: 200

Date

Published: Oct. 21, 2024, 3:15 p.m.

Last Modified: Oct. 21, 2024, 5:09 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f
security-advisories@github.com
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
security-advisories@github.com