What is CVE-2021-32651?

CVE-2021-32651 is a low-severity vulnerability in Theonedev Onedev, classified under LDAP Injection. CVSS score: 3.1/10. Published 2021-06-01.

How severe is CVE-2021-32651?

Low severity. CVSS v3 base score is 3.1 out of 10.

LDAP Injection in Theonedev Onedev

CVE-2021-32651

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore…

EPSS: 0.002 (48.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Theonedev Onedev — versions <= 4.4.1

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf (x_refsource_CONFIRM)
github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32651?: CVE-2021-32651 is a low-severity vulnerability in Theonedev Onedev, classified under LDAP Injection. CVSS score: 3.1/10. Published 2021-06-01.
How severe is CVE-2021-32651?: Low severity. CVSS v3 base score is 3.1 out of 10.