CVE-2024-45309 Information

Description

OneDev is a Git server with CI/CD kanban and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.

Reference

https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489 https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f