Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2545-1:131A1
HistoryFeb 03, 2021 - 12:30 p.m.

[SECURITY] [DLA 2545-1] open-build-service security update

2021-02-0312:30:50
lists.debian.org
28

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

Debian LTS Advisory DLA-2545-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
February 03, 2021 https://wiki.debian.org/LTS

Package : open-build-service
Version : 2.7.1-10+deb9u1
CVE ID : CVE-2020-8020 CVE-2020-8021

CVE-2020-8020

An improper neutralization of input during web page generation
vulnerability in open-build-service allows remote attackers to
store arbitrary JS code to cause XSS.

CVE-2020-8021

An improper access control vulnerability in open-build-service
allows remote attackers to read files of an OBS package where
the sourceaccess/access is disabled.

For Debian 9 stretch, these problems have been fixed in version
2.7.1-10+deb9u1.

We recommend that you upgrade your open-build-service packages.

For the detailed security status of open-build-service please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-build-service

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Related

osv 2
openvas 1
nessus 1
cvelist 2
nvd 2
cve 2
debiancve 2
ubuntucve 2
prion 2
osv
osv
open-build-service - security update
2021-02-03 00:00:00
CVE-2020-8021
2020-05-19 15:15:12
openvas
openvas
Debian: Security Advisory (DLA-2545-1)
2021-02-04 00:00:00
nessus
nessus
Debian DLA-2545-1 : open-build-service security update
2021-02-04 00:00:00
cvelist
cvelist
CVE-2020-8021 unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service
2020-05-19 00:00:00
CVE-2020-8020 Persistent XSS in markdown parser used by obs-server
2020-05-13 00:00:00
nvd
nvd
CVE-2020-8021
2020-05-19 15:15:12
CVE-2020-8020
2020-05-13 15:15:11
cve
cve
CVE-2020-8021
2020-05-19 15:15:12
CVE-2020-8020
2020-05-13 15:15:11
debiancve
debiancve
CVE-2020-8021
2020-05-19 15:15:12
CVE-2020-8020
2020-05-13 15:15:11
ubuntucve
ubuntucve
CVE-2020-8020
2020-05-13 00:00:00
CVE-2020-8021
2020-05-19 00:00:00
prion
prion
Improper access control
2020-05-19 15:15:00
Design/Logic Flaw
2020-05-13 15:15:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON
Related for DEBIAN:DLA-2545-1:131A1
osv2openvas1nessus1cvelist2nvd2cve2debiancve2ubuntucve2prion2