Source |
CVE List |
Identifier |
2199572 |
Publication date |
2021-01-15 20:15:12 (seen: 2021-01-15 22:05:16) |
Title |
CVE-2021-21243 |
Text |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks.
This issue may lead to pre-auth RCE.
This issue was fixed in 4.0.3 by not using deserialization on the KubernetesResource side. |
Sent |
Yes |
Tags |
Guideline
|
Stories |
Uber
|