{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T01:16:30.727","vulnerabilities":[{"cve":{"id":"CVE-2021-32651","sourceIdentifier":"security-advisories@github.com","published":"2021-06-01T18:15:07.747","lastModified":"2024-11-21T06:07:27.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2."},{"lang":"es","value":"OneDev es una plataforma de operaciones de desarrollo. Si el mecanismo de autenticación externa LDAP está habilitado en OneDev versiones 4.4.1 y anteriores, un atacante puede manipular un filtro de búsqueda de usuario para enviar consultas falsas hacia la aplicación y explorar el LDAP tree usando técnicas de inyección Blind LDAP. La carga útil específica depende de cómo la propiedad User Search Filter está configurada en OneDev. Este problema fue corregido en versión 4.4.2"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:onedev_project:onedev:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.2","matchCriteriaId":"36DF0039-F0C3-4536-98CF-FC08028C065F"}]}]}],"references":[{"url":"https://github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/commit/4440f0c57e440488d7e653417b2547eaae8ad19c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-5864-2496-4xjf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}