CVE: CVE-2021-21244

Export to Word

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0037
Percentile: 0.58043

CVSS Scoring

CVSS v3.1 Score: 10.0

Severity: CRITICAL

Mapped CWE(s)

CWE-74 : Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-94 : Improper Control of Generation of Code ('Code Injection')

All CAPEC(s)

CAPEC-10: Buffer Overflow via Environment Variables
CAPEC-101: Server Side Include (SSI) Injection
CAPEC-105: HTTP Request Splitting
CAPEC-108: Command Line Execution through SQL Injection
CAPEC-120: Double Encoding
CAPEC-13: Subverting Environment Variable Values
CAPEC-135: Format String Injection
CAPEC-14: Client-side Injection-induced Buffer Overflow
CAPEC-24: Filter Failure through Buffer Overflow
CAPEC-242: Code Injection
CAPEC-250: XML Injection
CAPEC-267: Leverage Alternate Encoding
CAPEC-273: HTTP Response Smuggling
CAPEC-28: Fuzzing
CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-34: HTTP Response Splitting
CAPEC-35: Leverage Executable Code in Non-Executable Files
CAPEC-42: MIME Conversion
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-45: Buffer Overflow via Symbolic Links
CAPEC-46: Overflow Variables and Tags
CAPEC-47: Buffer Overflow via Parameter Expansion
CAPEC-51: Poison Web Service Registry
CAPEC-52: Embedding NULL Bytes
CAPEC-53: Postfix, Null Terminate, and Backslash
CAPEC-6: Argument Injection
CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-67: String Format Overflow in syslog()
CAPEC-7: Blind SQL Injection
CAPEC-71: Using Unicode Encoding to Bypass Validation Logic
CAPEC-72: URL Encoding
CAPEC-76: Manipulating Web Input to File System Calls
CAPEC-77: Manipulating User-Controlled Variables
CAPEC-78: Using Escaped Slashes in Alternate Encoding
CAPEC-79: Using Slashes in Alternate Encoding
CAPEC-8: Buffer Overflow in an API Call
CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-83: XPath Injection
CAPEC-84: XQuery Injection
CAPEC-9: Buffer Overflow in Local Command-Line Utilities

CAPEC(s) with Mapped TTPs

CAPEC-13: Subverting Environment Variable Values
Mapped TTPs:
- T1562.003 : Impair Command History Logging
- T1574.006 : Dynamic Linker Hijacking
- T1574.007 : Path Interception by PATH Environment Variable
CAPEC-267: Leverage Alternate Encoding
Mapped TTPs:
- T1027 : Obfuscated Files or Information
CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
- T1027.006 : HTML Smuggling
- T1027.009 : Embedded Payloads
- T1564.009 : Resource Forking

Mapped ATT&CK TTPs

T1562.003 : Impair Command History Logging
Kill Chain: defense-evasion
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007 : Path Interception by PATH Environment Variable
Kill Chain: persistence
T1027 : Obfuscated Files or Information
Kill Chain: defense-evasion
T1027.006 : HTML Smuggling
Kill Chain: defense-evasion
T1027.009 : Embedded Payloads
Kill Chain: defense-evasion
T1564.009 : Resource Forking
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor
2016 Ukraine Electric Power Attack
C0015
C0021
C0017

Affected Products

cpe:2.3:a:onedev_project:onedev:*:*:*:*:*:*:*:*

← Back to Home