HTTP: OneDev Pre-Authentication Token Leak
This signature detects attempts to exploit a known vulnerability against OneDev. A successful attack can lead to sensitive information disclosure.
Extended Description
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/{id}` endpoint there are no security checks enforced so it is possible to retrieve arbitrary user details including their Access Tokens! These access tokens can be used to access the API or clone code in the build spec via the HTTP(S) protocol. It has permissions to all projects accessible by the user account. This issue may lead to `Sensitive data leak` and leak the Access Token which can be used to impersonate the administrator or any other users. This issue was addressed in 4.0.3 by removing user info from restful api.
Affected Products
Onedev_project onedev
References
CVE: CVE-2021-21246
Short Name
HTTP:INFO-LEAK:ONEDEV-TOKEN
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2021-21246 Leak OneDev Pre-Authentication Token
Release Date
05/02/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3805
False Positive
Rarely
Vendors
Onedev_project