Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39205

Sept. 13, 2022, 7:15 p.m. |

National Vulnerability Database nist.gov

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the server to check for branch protections during a push event. It is only intended to be accessed from localhost, but the check relies on the X-Forwarded-For header. Invoking this endpoint leads to the …

cve

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

Product Security Engineer (SSDL)

@ ServiceNow | Denver, Colorado, United States

Application Security Sales Specialist

@ Dynatrace | Munich, Germany

Threat Intelligence Response Analyst

@ Recorded Future, Inc. | London

IT Security Analyst

@ Docebo | Toronto, Ontario

Software Engineer - Perception and Threat Assessment - XC

@ Bosch Group | Plymouth, MI, United States

Sr. Cyber Incident Response Analyst

@ Experian | Heredia, Costa Rica

Manager, DT GRC (Governance, Risk, And compliance)

@ ServiceNow | Austin, Texas, United States