PT-2026-50789 · Theonedev · Onedev
Published
2026-06-18
·
Updated
2026-06-18
·
CVE-2026-49248
CVSS v4.0
8.3
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
OneDev versions prior to 15.0.7
Description
An arbitrary file write issue exists due to symlink path traversal. The
TarUtils.untar() function creates symbolic links using the getLinkName() TAR entry without validating if the target is an absolute path. A subsequent file entry within the same archive can traverse this symlink to write to arbitrary server-side locations. This can be exploited by any authenticated user with CI Job write access without requiring administrator interaction.Recommendations
Update to version 15.0.7.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Onedev