#230  XSS vulnerability when publishing HTML report
Released
Robin Shen opened 3 years ago

A user with permission to push code to a repository may edit the build spec to publish an HTML report containing malicious JavaScript code or links, and other users accessing that report will be subject to an XSS attack.

To solve the issue, the HTML report publishing ability will be removed.

OneDev changed state to 'Closed' 3 years ago
Previous Value: Open
Current Value: Closed
OneDev changed state to 'Released' 3 years ago
Previous Value: Closed
Current Value: Released
Type: Bug
Priority: Critical
Assignee
Affected Versions
Not Found
Reference: onedev/server#230