CVE-2021-21243 – OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST …

15 January 2021

Vuln ID: CVE-2021-21243

Published: 2021-01-15 20:15:12Z

Description: OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks.

This issue may lead to pre-auth RCE.

This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side.

Source: NVD.NIST.GOV

Date:

15 January 2021

Categorie(s):

NVD

Tag(s):

NVD

AI sparks increasing cyber concerns for execs amid growing adoption26 April 2024
More details on rural water system breach sought by legislators26 April 2024
Updated CISA exploited vulnerabilties catalog includes Windows print spooler bug26 April 2024
Severe Flaws Disclosed in Brocade SANnav SAN Management Software26 April 2024
Microsoft credentials targeted by phishing campaign using Autodesk Drive26 April 2024