VYPR

openbuildservice

by OpenSUSE

Source repositories

CVEs (4)

  • CVE-2011-3178HigMar 20, 2018
    risk 0.46cvss 8.1epss 0.01

    In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

  • CVE-2018-12467MedAug 1, 2018
    risk 0.00cvss 6.0epss 0.01

    Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

  • CVE-2018-12466MedAug 1, 2018
    risk 0.00cvss 4.4epss 0.01

    openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

  • CVE-2018-7689HigJun 7, 2018
    risk 0.00cvss 7.1epss 0.01

    Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.