Home > Vulnerability Database > CVE-2024-45309

Mend.io Vulnerability Database

CVE-2024-45309

Date: October 21, 2024

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45309

Url: https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f

Url: https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489

Url: https://www.mend.io/vulnerability-database/CVE-2024-45309

Severity Score

7.5

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45309

Date: October 21, 2024

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?