PT-2026-47160 · Onedev · Onedev
Aibot88 · Published 2026-06-06 · Updated 2026-06-06
CVE-2026-11438
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
onedev versions prior to 15.0.6
Description
Improper authorization occurs in the '/projects' file due to the manipulation of the project.forkedFromId argument. This issue allows a remote attacker to bypass authorization controls.
Recommendations
Update to version 15.0.6.
Fix
Improper Authorization
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Onedev