Auth bypass in Opensuse Open_build_service

CVE-2017-9268

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of…

EPSS: 0.006 (44.8th percentile).

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Frequently asked questions

What is CVE-2017-9268?

CVE-2017-9268 is a medium-severity vulnerability in Opensuse Open_build_service, classified under Improper Authorization. CVSS score: 4.4/10. Published 2018-03-01.

How severe is CVE-2017-9268?

Medium severity. CVSS v3 base score is 4.4 out of 10.