Attackers need to have an account (or be able to register one) and need permission to create a project. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance.
This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. var/run/docker.sock on Linux) is mounted into each Docker step. When using Docker-based job executors, the Docker socket (e.g. Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. An attacker can make an authenticated HTTP request to trigger this vulnerability.
A specially-crafted HTTP request can lead to arbitrary command execution. An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4.
0 kommentar(er)
