8 matches found
SUSE CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...
Design/Logic Flaw
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689...
CVE-2018-12467
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689...
CVE-2018-12467
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689...
CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...
CVE-2018-7689 Open Build Service arbitrary package modification
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...
CVE-2018-7689
The vulnerability CVE-2018-7689 affects openSUSE Open Build Service prior to version 2.9.3. The root cause is missing permission checks in the InitializeDevelPackage function, enabling authenticated users to modify packages for which they do not have write access. Impact is authenticated access t...
CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...