Lucene search

GitHub_MCVELIST:CVE-2021-21247

HistoryJan 15, 2021 - 8:10 p.m.

CVE-2021-21247 Post-Auth Unsafe Deserialization on BasePage (AJAX)

2021-01-1520:10:40

CWE-74

GitHub_M

www.cve.org

deserialization basepage ajax listener rce authentication encryption 4.0.3

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application’s BasePage registers an AJAX event listener (AbstractPostAjaxBehavior) in all pages other than the login page. This listener decodes and deserializes the data query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to post-auth RCE This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.

CNA Affected

[
  {
    "product": "onedev",
    "vendor": "theonedev",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.0.3"
      }
    ]
  }
]

References

github.com/theonedev/onedev/security/advisories/GHSA-6pxf-75cf-vwjp

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVELIST:CVE-2021-21247