One Article Review

Article:
Source CVE List
Identifier 2199572
Publication date 2021-01-15 20:15:12 (seen: 2021-01-15 22:05:16)
Title CVE-2021-21243
Text OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side.
Sent Yes
Tags Guideline
Stories Uber


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.