Lucene search

MicrofocusCVELIST:CVE-2018-12466

HistoryAug 01, 2018 - 3:00 p.m.

CVE-2018-12466 openbuildservice allowed deleting packages via project links

2018-08-0115:00:00

CWE-285

microfocus

www.cve.org

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

30.9%

JSON

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

CNA Affected

[
  {
    "product": "openbuildservice",
    "vendor": "opensuse",
    "versions": [
      {
        "lessThanOrEqual": "2.9.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104958

bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466

github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

30.9%

JSON

Related for CVELIST:CVE-2018-12466