Pre-Auth Arbitrary File Upload
CVE-2021-21245

10CRITICAL

Key Information:

Vendor: Theonedev
Status: Onedev
Vendor: CVE Published:; 15 January 2021

What is CVE-2021-21245?

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (request.getInputStream()) to a user specified location (request.getHeader("File-Name")). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.

Affected Version(s)

onedev < 4.0.3

References

https://github.com/theonedev/onedev/security/advisories/G...

x_refsource_CONFIRM

https://github.com/theonedev/onedev/commit/0c060153fb97c0...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2021
Vulnerability Reserved
Dec 22, 2020

CVE-2021-21245 Data

JSON

Theonedev

What is CVE-2021-21245?

Affected Version(s)

References

CVSS V3.1

Timeline