PT-2024-7509 · Onedev · Onedev

Robinshine · Published 2024-08-26 · Updated 2025-01-13 · CVE-2024-45309

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OneDev, all versions prior to 11.0.9
Description: OneDev before 11.0.9 allows an unauthenticated remote user to read arbitrary files that the OneDev server process itself can read. The root cause is a path traversal: file paths derived from request input are not sufficiently confined to the intended directory, so the server can be made to return files outside it. Because no credentials are required and the set of readable files is bounded only by the service account's file permissions, the impact is disclosure of any file that account can read, including files outside the OneDev installation. The issue is fixed in version 11.0.9.
Recommendations: Update to version 11.0.9 or later; this is the only complete fix. Until the update is applied, reduce what a successful read can reach: run the OneDev service under a dedicated, unprivileged account whose read access is limited to its own installation and data directories, keep secrets the service does not need out of locations it can read, and restrict network access to the instance to trusted users, since the flaw requires no authentication. After updating, confirm that the running instance reports version 11.0.9 or later before treating it as remediated.
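The bug class named above (a file read driven by request input that is not confined to the served directory) is illustrated below with an added, constructed Python example. It is not OneDev's code and does not reproduce the actual vulnerable endpoint or the project's fix; the directory layout, file names and the `unsafe_read`/`safe_read` helpers are assumptions made for the demonstration. The unsafe reader joins the request onto the root and opens the result; the hardened reader resolves the candidate path (following symlinks) and rejects anything that does not stay under the root, which also covers an in-tree symlink pointing outside, a case that string-prefix checks miss.

```python
"""Path confinement for a 'serve a file under a root directory' handler.

Constructed demo of the path-traversal class, not OneDev code: a naive reader
that exposes every file the process can read, next to a reader that resolves
the request and refuses anything outside the served root.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, Tuple


class PathOutsideRoot(Exception):
    """Raised when a requested path escapes the served directory."""


def unsafe_read(root: str, requested: str) -> bytes:
    """Vulnerable pattern: join request input onto the root and open it.

    os.path.join throws `root` away when `requested` is absolute, and '..'
    segments walk out of it, so any file the process can read is served.
    """
    return Path(os.path.join(root, requested)).read_bytes()


def safe_read(root: str, requested: str) -> bytes:
    """Hardened pattern: resolve (following symlinks), then check containment.

    The check is done on the resolved path, so '..' segments, absolute paths
    and symlinks that point out of the tree are all caught the same way.
    """
    base = Path(root).resolve()
    # Drop leading separators so an absolute request cannot replace `base`.
    target = (base / requested.lstrip("/\\")).resolve()
    if target != base and base not in target.parents:
        raise PathOutsideRoot(f"{requested!r} resolves to {target}, outside {base}")
    return target.read_bytes()


def build_demo_tree() -> Tuple[str, str]:
    """Constructed sandbox (hypothetical layout, created in a temp dir):

      <tmp>/served/docs/readme.txt   the only file that should be served
      <tmp>/served/docs/link.txt     symlink -> <tmp>/secret.txt
      <tmp>/secret.txt               readable by the process, must not be served
    """
    tmp = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    served = tmp / "served"
    (served / "docs").mkdir(parents=True)
    (served / "docs" / "readme.txt").write_bytes(b"public\n")
    secret = tmp / "secret.txt"
    secret.write_bytes(b"SECRET\n")
    os.symlink(secret, served / "docs" / "link.txt")
    return str(served), str(secret)


def run_demo() -> Dict[Tuple[str, str], object]:
    """Feed the same four requests to both readers; returns what each returned
    (file bytes) or raised (exception class name), keyed by (reader, case)."""
    served, secret = build_demo_tree()
    cases = [
        ("benign", "docs/readme.txt"),  # legitimate request
        ("dotdot", "../secret.txt"),    # classic traversal
        ("absolute", secret),           # absolute path overrides the join
        ("symlink", "docs/link.txt"),   # in-tree link pointing outside
    ]
    results: Dict[Tuple[str, str], object] = {}
    for name, reader in (("unsafe", unsafe_read), ("safe", safe_read)):
        for case, req in cases:
            try:
                results[(name, case)] = reader(served, req)
            except (PathOutsideRoot, FileNotFoundError) as exc:
                results[(name, case)] = type(exc).__name__
    return results


if __name__ == "__main__":
    for key, value in sorted(run_demo().items()):
        print(f"{key[0]:6s} {key[1]:8s} -> {value!r}")
```

Running the module prints one line per (reader, case): the unsafe reader returns the secret for the traversal, absolute and symlink requests, while the safe reader only ever returns the benign file. The absolute-path case ends as a not-found error under the safe reader because the stripped request is looked up beneath the root; the point is that it can no longer name a file outside it.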

Exploit · Fix

Weakness Enumeration: Path traversal, Information Disclosure

Related Identifiers:
BDU:2024-08898
CVE-2024-45309
GHSA-7WG5-6864-V489

Affected Products: Onedev