OneDev up to 4.0.2 XML Document XmlBuildSpecMigrator.migrate Information Disclosure


A problematic vulnerability was found in OneDev up to 4.0.2. It affects the function XmlBuildSpecMigrator.migrate of the component XML Document Handler. Upgrading to version 4.0.3 eliminates this vulnerability. The vulnerability can also be fixed by applying a patch, which can be obtained from github.com. The best possible mitigation is to upgrade to a new version.

| Field | 16.01.2021 09:28 | 15.02.2021 02:36 | 15.02.2021 02:39 |
|---|---|---|---|
| name | OneDev | OneDev | OneDev |
| version | <=4.0.2 | <=4.0.2 | <=4.0.2 |
| component | XML Document Handler | XML Document Handler | XML Document Handler |
| function | XmlBuildSpecMigrator.migrate | XmlBuildSpecMigrator.migrate | XmlBuildSpecMigrator.migrate |
| cwe | 200 (Information Disclosure) | 200 (Information Disclosure) | 200 (Information Disclosure) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| url | https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r | https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r | https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 4.0.3 | 4.0.3 | 4.0.3 |
| patch_url | https://github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f | https://github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f | https://github.com/theonedev/onedev/commit/9196fd795e87dab069b4260a3590a0ea886e770f |
| cve | CVE-2021-21250 | CVE-2021-21250 | CVE-2021-21250 |
| date | 1610751600 (16.01.2021) | 1610751600 (16.01.2021) | 1610751600 (16.01.2021) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 4.0 | 3.5 | 3.5 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.3 | 4.1 | 4.1 |
| cvss3_meta_basescore | 4.3 | 4.3 | 5.4 |
| cvss3_meta_tempscore | 4.3 | 4.1 | 5.1 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1608591600 | 1608591600 |
| cve_nvd_summary | | OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file. | (unchanged) |
| confirm_url | | https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r | https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2r |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
| cve_cna | | | GitHub, Inc. |
| cvss2_nvd_basescore | | | 4.0 |
| cvss3_nvd_basescore | | | 6.5 |
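The NVD summary above describes the defect class (CWE-200 via unrestricted external entity expansion, i.e. XXE) rather than the fix. The following Java example is added here for illustration and is not OneDev's code nor its 4.0.3 patch: it contrasts a JAXP `DocumentBuilderFactory` with default settings against one hardened to reject DOCTYPE declarations and external entities before any entity could be resolved. The `SPEC_WITH_DTD` document, its `file:///PLACEHOLDER` system identifier and the element names are constructed for the demonstration; the feature URIs are the standard Xerces/JAXP ones shipped with the JDK.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

public class HardenedXmlParsing {

    // Constructed sample: a build-spec-like document whose DTD declares an
    // external entity. The SYSTEM identifier is a placeholder, not a real path.
    static final String SPEC_WITH_DTD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE buildSpec [ <!ENTITY ext SYSTEM \"file:///PLACEHOLDER\"> ]>\n" +
        "<buildSpec><name>&ext;</name></buildSpec>";

    // Constructed sample: an ordinary document with no DTD at all.
    static final String PLAIN_SPEC = "<buildSpec><name>demo</name></buildSpec>";

    /** Weak setting: JAXP defaults process DTDs and resolve external entities. */
    static DocumentBuilder defaultParser() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** Corrected setting: reject DOCTYPE outright, and disable every entity/DTD path as defence in depth. */
    static DocumentBuilder hardenedParser() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Primary control: a document carrying any <!DOCTYPE ...> is a parse error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for implementations that still honour DTDs.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // JAXP 1.5 properties: forbid network/file access for DTDs and schemas.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static Document parse(DocumentBuilder b, String xml) throws Exception {
        return b.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // The hardened parser still accepts an ordinary spec ...
        Document ok = parse(hardenedParser(), PLAIN_SPEC);
        System.out.println("plain spec parsed, root = " + ok.getDocumentElement().getTagName());

        // ... and rejects the DOCTYPE before the parser ever tries to resolve &ext;.
        try {
            parse(hardenedParser(), SPEC_WITH_DTD);
            System.out.println("unexpected: DOCTYPE was accepted");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected DOCTYPE: " + e.getMessage());
        }

        // For contrast, the default parser attempts to resolve the external entity
        // (here it fails only because the placeholder path does not exist).
        try {
            parse(defaultParser(), SPEC_WITH_DTD);
            System.out.println("default parser resolved the external entity");
        } catch (Exception e) {
            System.out.println("default parser tried to resolve the entity: " + e.getClass().getSimpleName());
        }
    }
}
```

The `disallow-doctype-decl` feature is the single control that closes the whole class, because no entity can be declared without a DOCTYPE; the remaining settings only matter if a deployment swaps in a parser that ignores that feature. A quick check for any Java code base is to grep for `DocumentBuilderFactory.newInstance()`, `SAXParserFactory.newInstance()` and `XMLInputFactory.newInstance()` and confirm each call site applies an equivalent configuration before parsing untrusted input.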
