Auto-merge PR#527

2025-07-29 05:56:59 +00:00 · 2021-01-15 15:16:05 -05:00 · 2021-01-15 15:16:05 -05:00 · 0da6c0f504
commit 0da6c0f504
parent 815468a09c 8801c8d209
1 changed files with 76 additions and 6 deletions
--- a/2021/21xxx/CVE-2021-21245.json
+++ b/2021/21xxx/CVE-2021-21245.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-21245",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Pre-Auth Arbitrary File Upload"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "onedev",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 4.0.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "theonedev"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader(\"File-Name\")`).\n\nThis issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server.\n\nThis issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 10,
+            "baseSeverity": "CRITICAL",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9"
+            },
+            {
+                "name": "https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb",
+                "refsource": "MISC",
+                "url": "https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-62m2-38q5-96w9",
+        "discovery": "UNKNOWN"
    }
 }