Metrics
Affected Vendors & Products
Mon, 08 Jun 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 06 Jun 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack remotely. Upgrading to version 15.0.6 is able to mitigate this issue. Upgrading the affected component is advised. | |
| Title | theonedev REST API default-branch improper authorization | |
| First Time appeared |
Theonedev
Theonedev onedev |
|
| Weaknesses | CWE-266 CWE-285 |
|
| CPEs | cpe:2.3:a:theonedev:onedev:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Theonedev
Theonedev onedev |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2026-06-06T17:30:11.510Z
Updated: 2026-06-08T16:30:48.196Z
Reserved: 2026-06-05T22:21:05.442Z
Link: CVE-2026-11440
Updated: 2026-06-08T16:30:43.461Z
Status : Deferred
Published: 2026-06-06T18:16:53.243
Modified: 2026-06-08T14:57:14.757
Link: CVE-2026-11440
No data.