Impact
As long as a user is allowed to push to a repository, the user can edit the build spec of their branch to publish arbitrary content as an HTML report during the build. This leads to an XSS vulnerability when other users view the HTML report via the OneDev web interface.
Patches
This issue has been fixed in 4.1.3 by removing the ability to publish HTML reports.