Emilytrau

**Name of the Vulnerable Software and Affected Versions** Onedev versions prior to 7.9.12 **Description** Onedev is a self-hosted Git Server with CI/CD and Kanban. The algorithm used to generate access token and password reset keys was not cryptographically secure in versions prior to 7.9.12. Existing normal users, or everyone if self-registration is allowed, may exploit this to elevate their privilege and obtain administrator permission. **Recommendations** For versions prior to 7.9.12, upgrade to version 7.9.12 to address the issue. As a temporary workaround, consider restricting self-registration and closely monitoring user activities until the upgrade is applied. There are no known workarounds for this issue other than upgrading to the fixed version.