XSS vulnerability when publishing HTML report (OD-230)
Robin Shen opened 5 years ago

A user with permission to push code to the repository may edit the build spec to publish an HTML report containing malicious JavaScript code or links, and other users accessing that report will be subject to an XSS attack.

To solve the issue, the ability to publish HTML reports will be removed.

  • OneDev changed state to 'Closed' 5 years ago
    Previous Value: Open
    Current Value: Closed
  • OneDev changed state to 'Released' 5 years ago
    Previous Value: Closed
    Current Value: Released
Type: Bug
Priority: Critical
Assignee:
Affected Versions: Not Found
Issue Votes: 0
Watchers: 2
Reference: OD-230