CVE-2024-45309

Source
https://cve.org/CVERecord?id=CVE-2024-45309
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45309.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45309
Aliases
  • GHSA-7wg5-6864-v489
Published
2024-10-21T14:55:18.293Z
Modified
2026-02-11T02:34:47.395699Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
OneDev vulnerable to arbitrary file reading for unauthenticated user
Details

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45309.json"
}
References

Affected packages

Git / github.com/theonedev/onedev

Affected ranges

Type
GIT
Repo
https://github.com/theonedev/onedev
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.0-beta-build118
2.0-beta-build119
2.0-beta-build120
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
v10.*
v10.0.0
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.1.6
v10.2.0
v10.2.1
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.4.0
v10.5.0
v10.5.1
v10.5.2
v10.5.3
v10.6.0
v10.7.0
v10.7.1
v10.7.2
v10.7.3
v10.7.5
v10.7.6
v10.7.7
v10.8.0
v10.9.0
v10.9.1
v10.9.10
v10.9.2
v10.9.3
v10.9.4
v10.9.5
v10.9.6
v10.9.7
v10.9.8
v10.9.9
v11.*
v11.0.0
v11.0.1
v11.0.3
v11.0.4
v11.0.5
v11.0.6
v11.0.7
v11.0.8
v3.*
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.10.3
v4.11.0
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.5.0
v4.6.0
v4.6.1
v4.7.0
v4.8.0
v4.8.1
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v5.*
v5.0.0
v5.0.1
v5.1.0
v5.2.0
v5.2.1
v5.2.2
v5.3.0
v5.3.1
v5.3.3
v5.4.0
v6.*
v6.0.0
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.3.0
v6.3.1
v6.3.10
v6.3.11
v6.3.12
v6.3.13
v6.3.14
v6.3.15
v6.3.16
v6.3.17
v6.3.18
v6.3.19
v6.3.2
v6.3.20
v6.3.21
v6.3.22
v6.3.23
v6.3.24
v6.3.25
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.3.9
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.2.7
v7.2.8
v7.2.9
v7.3.0
v7.3.10
v7.3.11
v7.3.12
v7.3.13
v7.3.14
v7.3.15
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.3.6
v7.3.7
v7.3.8
v7.3.9
v7.4.0
v7.4.1
v7.4.10
v7.4.11
v7.4.12
v7.4.13
v7.4.14
v7.4.15
v7.4.16
v7.4.17
v7.4.18
v7.4.19
v7.4.2
v7.4.20
v7.4.21
v7.4.22
v7.4.23
v7.4.24
v7.4.25
v7.4.26
v7.4.27
v7.4.28
v7.4.29
v7.4.3
v7.4.5
v7.4.6
v7.4.7
v7.4.8
v7.4.9
v7.5.0
v7.5.1
v7.5.2
v7.5.3
v7.6.0
v7.6.1
v7.6.2
v7.7.0
v7.7.1
v7.7.10
v7.7.11
v7.7.12
v7.7.13
v7.7.14
v7.7.15
v7.7.2
v7.7.5
v7.7.6
v7.7.7
v7.7.8
v7.7.9
v7.8.0
v7.8.1
v7.8.10
v7.8.11
v7.8.12
v7.8.13
v7.8.14
v7.8.15
v7.8.16
v7.8.2
v7.8.3
v7.8.4
v7.8.5
v7.8.6
v7.8.7
v7.8.8
v7.8.9
v7.9.0
v7.9.1
v7.9.10
v7.9.11
v7.9.12
v7.9.2
v7.9.3
v7.9.4
v7.9.5
v7.9.6
v7.9.7
v7.9.8
v7.9.9
v8.*
v8.0.0
v8.0.1
v8.0.10
v8.0.11
v8.0.12
v8.0.13
v8.0.14
v8.0.15
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.1.5
v8.1.6
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.2.5
v8.2.6
v8.2.7
v8.2.8
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v8.3.4
v8.3.5
v8.3.6
v8.3.7
v8.3.8
v8.4.0
v8.4.1
v8.4.2
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.5.6
v8.5.7
v8.5.8
v8.5.9
v8.6.0
v8.6.1
v8.6.10
v8.6.11
v8.6.12
v8.6.2
v8.6.4
v8.6.5
v8.6.6
v8.6.7
v8.6.8
v8.6.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45309.json"