VYPR

open build service

by Open Build Service

Source repositories

CVEs (5)

  • CVE-2014-0594HigJun 8, 2018
    risk 0.50cvss 8.8epss 0.01

    In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

  • CVE-2013-3703HigJun 8, 2018
    risk 0.50cvss 8.8epss 0.01

    The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.

  • CVE-2011-3178HigMar 20, 2018
    risk 0.46cvss 8.1epss 0.01

    In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

  • CVE-2015-0796MedMar 2, 2018
    risk 0.34cvss 6.3epss 0.01

    In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on…

  • CVE-2017-5188MedMar 1, 2018
    risk 0.00cvss 5.0epss 0.01

    The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.