Opensuse Open_build_service
22 CVEs affecting Opensuse Open_build_service. Latest disclosed: 2022-05-03. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-21949 | High | 8.8 | 2022-05-03 | An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in cert… |
| CVE-2014-0594 | High | 8.8 | 2018-06-08 | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's… |
| CVE-2013-3703 | High | 8.8 | 2018-06-08 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove us… |
| CVE-2021-36777 | High | 8.1 | 2022-03-09 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a… |
| CVE-2011-3178 | High | 8.1 | 2018-03-20 | In the web UI of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute she… |
| CVE-2014-0593 | High | 7.8 | 2018-06-08 | The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this scri… |
| CVE-2011-4181 | High | 7.5 | 2018-06-11 | A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE… |
| CVE-2019-3685 | High | 7.4 | 2019-11-05 | Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary |
| CVE-2018-7689 | High | 7.1 | 2018-06-07 | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages whe… |
| CVE-2018-7688 | High | 7.1 | 2018-06-07 | A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects whe… |
| CVE-2018-12475 | Medium | 6.5 | 2020-09-01 | An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticat… |
| CVE-2020-8020 | Medium | 6.5 | 2020-05-13 | An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause X… |
| CVE-2018-12479 | Medium | 6.5 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are o… |
| CVE-2011-4183 | Medium | 6.5 | 2018-06-13 | A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. |
| CVE-2020-8031 | Medium | 6.3 | 2021-02-11 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS… |
| CVE-2018-12467 | Medium | 6.0 | 2018-08-01 | Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage… |
| CVE-2020-8021 | Medium | 5.3 | 2020-05-19 | An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disab… |
| CVE-2017-5188 | Medium | 5.0 | 2018-03-01 | The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during b… |
| CVE-2018-12478 | Medium | 4.8 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected relea… |
| CVE-2018-12466 | Medium | 4.4 | 2018-08-01 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. |