Information disclosure in Theonedev Onedev

CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.

Vulnerability class: Information Disclosure

EPSS: 0.890 (99.5th percentile)

Frequently asked questions

What is CVE-2024-45309?
CVE-2024-45309 is a vulnerability in Theonedev Onedev, classified under Information Disclosure. It was published on 2024-10-21.

Is CVE-2024-45309 known to be exploited?
4 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.