Auth bypass in Opensuse Open_build_service
CVE-2017-9268
In the open build service before 201707022, the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions, leading to denial of…
EPSS: 0.006 (44.8th percentile)
CVSS v3 metric
CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.
Affected products
- Opensuse Open_build_service
- Suse Open Build Service — versions unspecified
Weakness classification (CWE)
References
- security@opentext.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2017-9268?
  CVE-2017-9268 is a medium-severity vulnerability in Opensuse Open_build_service, classified under Improper Authorization. CVSS score: 4.4/10. Published 2018-03-01.
- How severe is CVE-2017-9268?
  Medium severity. CVSS v3 base score is 4.4 out of 10.