openSUSE Open Build Service
13 CVEs affecting openSUSE Open Build Service. Latest disclosed: 2021-02-11. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2014-0594 | High | 8.8 | 2018-06-08 | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's… |
| CVE-2013-3703 | High | 8.8 | 2018-06-08 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove us… |
| CVE-2018-7689 | High | 7.1 | 2018-06-07 | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages whe… |
| CVE-2018-7688 | High | 7.1 | 2018-06-07 | A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects whe… |
| CVE-2018-12475 | Medium | 6.5 | 2020-09-01 | An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticat… |
| CVE-2018-12479 | Medium | 6.5 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are o… |
| CVE-2020-8031 | Medium | 6.3 | 2021-02-11 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS… |
| CVE-2018-12474 | Medium | 5.4 | 2018-10-09 | Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current buil… |
| CVE-2020-8021 | Medium | 5.3 | 2020-05-19 | An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disab… |
| CVE-2017-5188 | Medium | 5.0 | 2018-03-01 | The bs_worker code in Open Build Service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during b… |
| CVE-2018-12478 | Medium | 4.8 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected relea… |
| CVE-2018-12477 | Low | 3.5 | 2018-10-09 | An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-servic… |
| CVE-2018-12473 | Low | 3.1 | 2018-10-02 | A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. O… |