openbuildservice
by OpenSUSE
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12475 | | | 0.00 | — | 0.00 | | Sep 1, 2020 | An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially downloading data that is exposed there. This… |
| CVE-2018-12473 | | | 0.00 | — | 0.00 | | Oct 2, 2018 | A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access to files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build… |
| CVE-2018-12466 | | | 0.00 | — | 0.00 | | Aug 1, 2018 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. |
| CVE-2018-7689 | | | 0.00 | — | 0.00 | | Jun 7, 2018 | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. |
| CVE-2015-0796 | | | 0.00 | — | 0.00 | | Mar 2, 2018 | In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on… |
| CVE-2017-5188 | | | 0.00 | — | 0.00 | | Mar 1, 2018 | The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. |