openSUSE Open Build Service

13 CVEs affecting openSUSE Open Build Service. Latest disclosed: 2021-02-11. Critical: 0, High: 4.

Top CVEs affecting openSUSE Open Build Service
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2014-0594 | High | 8.8 | 2018-06-08 | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's… |
| CVE-2013-3703 | High | 8.8 | 2018-06-08 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove us… |
| CVE-2018-7689 | High | 7.1 | 2018-06-07 | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages whe… |
| CVE-2018-7688 | High | 7.1 | 2018-06-07 | A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects whe… |
| CVE-2018-12475 | Medium | 6.5 | 2020-09-01 | An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticat… |
| CVE-2018-12479 | Medium | 6.5 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are o… |
| CVE-2020-8031 | Medium | 6.3 | 2021-02-11 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS… |
| CVE-2018-12474 | Medium | 5.4 | 2018-10-09 | Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current buil… |
| CVE-2020-8021 | Medium | 5.3 | 2020-05-19 | An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disab… |
| CVE-2017-5188 | Medium | 5.0 | 2018-03-01 | The bs_worker code in Open Build Service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during b… |
| CVE-2018-12478 | Medium | 4.8 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected relea… |
| CVE-2018-12477 | Low | 3.5 | 2018-10-09 | An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-servic… |
| CVE-2018-12473 | Low | 3.1 | 2018-10-02 | A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. O… |