Cyber Resilience

CVE-2021-32651

Severity: Low · Public PoC referenced

Published: 01 June 2021
Modified: 21 November 2024
KEV Added: not listed
Patch: (none recorded)
CVSS Score v3.1: 3.1 (vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0025 (48.2nd percentile)
Risk Priority: 6 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-32651 is a low-severity LDAP Injection (CWE-90) vulnerability in OneDev, from the OneDev Project. Its CVSS base score is 3.1 (Low).

Operationally, it is ranked at the 48.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2.
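The root cause described above is a login name being substituted into the configured User Search Filter without escaping, so filter metacharacters in the name change the shape of the query. The following Python is an added example, not OneDev's code: the `{0}` placeholder and the filter template are assumptions made for illustration. It contrasts verbatim substitution with RFC 4515 escaping, counts the assertions in the resulting filter so a test can show that the escaped version keeps the template's structure, and adds an allowlist check that a login path can apply before any filter is built.

```python
import re

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Conservative allowlist for login names (assumption: adjust to the directory's naming rules).
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Constructed template; OneDev's real placeholder syntax is not reproduced here.
USER_SEARCH_TEMPLATE = "(&(objectClass=person)(uid={0}))"


def escape_filter_value(value: str) -> str:
    """Escape a value for safe inclusion in an LDAP search filter (RFC 4515)."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(template: str, username: str) -> str:
    """Vulnerable pattern: the login name is dropped into the filter verbatim."""
    return template.replace("{0}", username)


def build_filter_safe(template: str, username: str) -> str:
    """Hardened pattern: the login name is escaped before substitution."""
    return template.replace("{0}", escape_filter_value(username))


def count_filter_components(filter_str: str) -> int:
    """Count '(' characters in a rendered filter.

    After RFC 4515 escaping no literal '(' can come from user data, so this
    equals the number of assertions and composites the template itself defines.
    """
    return filter_str.count("(")


def is_allowed_username(username: str) -> bool:
    """Reject login names that are not plain identifiers before any query is built."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    # Constructed login name containing filter metacharacters.
    crafted = "alice)(objectClass=*"
    print("unsafe:", build_filter_unsafe(USER_SEARCH_TEMPLATE, crafted))
    print("safe:  ", build_filter_safe(USER_SEARCH_TEMPLATE, crafted))
    print("allowed:", is_allowed_username(crafted))
```

Escaping is the fix that matters, because it makes the directory treat the whole login name as a single literal value; the allowlist is a defence-in-depth layer that also gives you a clean point to log rejected login attempts.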

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: onedev project
Product: onedev
Versions: ≤ 4.4.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References