openbuildservice
by OpenSUSE
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3178 | Hig | 0.46 | 8.1 | 0.01 | Mar 20, 2018 | In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. | ||
| CVE-2018-12467 | Med | 0.00 | 6.0 | 0.01 | Aug 1, 2018 | Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | ||
| CVE-2018-12466 | Med | 0.00 | 4.4 | 0.01 | Aug 1, 2018 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | ||
| CVE-2018-7689 | Hig | 0.00 | 7.1 | 0.01 | Jun 7, 2018 | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. |
- risk 0.46cvss 8.1epss 0.01
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
- risk 0.00cvss 6.0epss 0.01
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
- risk 0.00cvss 4.4epss 0.01
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
- risk 0.00cvss 7.1epss 0.01
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.