CVE-2023-24828 – Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the …

8 February 2023

Vuln ID: CVE-2023-24828

Published: 2023-02-08 00:15:08Z

Description: Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Source: NVD.NIST.GOV

Date:

8 February 2023

Categorie(s):

NVD

Tag(s):

NVD

How APIs Help To Improve Your Customers’ Experience [5 Tips]20 April 2024
Essential Cyber Security Plan for Small Business20 April 2024
Are PayPal’s Executives Looking Towards Re-Inventing the Product’s Identity?20 April 2024
Why A One-Size-Fits-All Approach No Longer Works For Modern Banking Clients20 April 2024
What Is Zero Trust Architecture All About?20 April 2024