Opensuse Open_build_service

22 CVEs affecting Opensuse Open_build_service. Latest disclosed: 2022-05-03. Critical: 0, High: 10.

Top CVEs affecting Opensuse Open_build_service
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-21949 | High | 8.8 | 2022-05-03 | An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in cert… |
| CVE-2014-0594 | High | 8.8 | 2018-06-08 | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's… |
| CVE-2013-3703 | High | 8.8 | 2018-06-08 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove us… |
| CVE-2021-36777 | High | 8.1 | 2022-03-09 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a… |
| CVE-2011-3178 | High | 8.1 | 2018-03-20 | In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute she… |
| CVE-2014-0593 | High | 7.8 | 2018-06-08 | The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this scri… |
| CVE-2011-4181 | High | 7.5 | 2018-06-11 | A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE… |
| CVE-2019-3685 | High | 7.4 | 2019-11-05 | Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary. |
| CVE-2018-7689 | High | 7.1 | 2018-06-07 | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages whe… |
| CVE-2018-7688 | High | 7.1 | 2018-06-07 | A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects whe… |
| CVE-2018-12475 | Medium | 6.5 | 2020-09-01 | An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticat… |
| CVE-2020-8020 | Medium | 6.5 | 2020-05-13 | An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause X… |
| CVE-2018-12479 | Medium | 6.5 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are o… |
| CVE-2011-4183 | Medium | 6.5 | 2018-06-13 | A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. |
| CVE-2020-8031 | Medium | 6.3 | 2021-02-11 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS… |
| CVE-2018-12467 | Medium | 6.0 | 2018-08-01 | Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage… |
| CVE-2020-8021 | Medium | 5.3 | 2020-05-19 | An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disab… |
| CVE-2017-5188 | Medium | 5.0 | 2018-03-01 | The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during b… |
| CVE-2018-12478 | Medium | 4.8 | 2018-10-09 | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected relea… |
| CVE-2018-12466 | Medium | 4.4 | 2018-08-01 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. |