Onedev · Onedev · CVE-2022-38301
**Name of the Vulnerable Software and Affected Versions**
Onedev version 7.4.14
**Description**
A path traversal vulnerability allows attackers to access restricted files and directories by uploading a crafted JAR file into the "/opt/onedev/lib" directory.
**Recommendations**
For Onedev version 7.4.14, consider restricting access to the "/opt/onedev/lib" directory to prevent the upload of crafted JAR files until a patch is available.