Lucene search

MicrofocusCVELIST:CVE-2011-3178

HistoryMar 20, 2018 - 6:00 p.m.

CVE-2011-3178 openbuildservice webui code injection

2018-03-2018:00:00

CWE-78

microfocus

www.cve.org

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON

In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

CNA Affected

[
  {
    "product": "openbuildservice",
    "vendor": "opensuse",
    "versions": [
      {
        "lessThan": "2.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=723788

github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON

Related for CVELIST:CVE-2011-3178