OneDev DevOps Platform Patches Critical Security Flaw Exposing Sensitive Data – (CVE-2024-45309)
A critical security vulnerability (CVE-2024-45309) has been discovered and patched in OneDev, a popular open-source DevOps platform. The flaw could have allowed unauthenticated attackers to read arbitrary files readable by the OneDev server process, that is, anything the operating-system account running OneDev can open. Depending on how an instance is deployed, that may include source code, configuration files, and user credentials or other secrets stored on disk.
OneDev is an all-in-one DevOps platform that aims to simplify the software development lifecycle. It is open-source and bundles Git hosting, CI/CD, issue tracking and code search within a single application, making it a common alternative to platforms like GitLab.
The vulnerability, assigned a CVSSv4 base score of 8.7, affects OneDev versions 11.0.8 and earlier. Note that 8.7 falls in the High band of CVSS v4 (Critical begins at 9.0), although the maintainers describe the issue as critical; the practical risk is that the flaw needs no credentials, so any instance reachable by an attacker is exposed. Exploitation could have severe consequences, including data breaches, intellectual property theft and, where the readable files contain credentials or tokens, follow-on compromise of connected systems.
“A critical security vulnerability was found allowing unauthenticated user reading arbitrary file accessible by OneDev server process,” reads the security advisory.
The OneDev development team has fixed the vulnerability in version 11.0.9, and all users are strongly urged to update immediately. Because the flaw requires no authentication, operators of instances that were reachable from untrusted networks while unpatched should also consider whether secrets readable by the server process, such as those held in configuration files, need to be rotated.