open build service
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0594 | | High | 0.50 | 8.8 | 0.01 | | Jun 8, 2018 | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. |
| CVE-2013-3703 | | High | 0.50 | 8.8 | 0.01 | | Jun 8, 2018 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. |
| CVE-2011-3178 | | High | 0.46 | 8.1 | 0.01 | | Mar 20, 2018 | In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. |
| CVE-2015-0796 | | Medium | 0.34 | 6.3 | 0.01 | | Mar 2, 2018 | In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on… |
| CVE-2017-5188 | | Medium | 0.00 | 5.0 | 0.01 | | Mar 1, 2018 | The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. |