Opensuse Open Build Service

22 matches found

added 2019/11/05 9:30 a.m., 140 views

CVE-2019-3685

Open Build Service osc client did not validate TLS certificates for HTTPS connections before version 0.165.4. Affected components: osc binary used by Open Build Service. Impact: potential trust/security risk due to improper TLS validation (CVSS data in sources indicates high severity). Remediatio...

CVSS 7.7, AI score 7.6, EPSS 0.00714

added 2018/10/02 3:0 p.m., 114 views

CVE-2018-12473

A path traversal vulnerability (CVE-2018-12473) exists in obs-service-tar_scm of Open Build Service. It could allow access to files outside the current build. Affected releases are openSUSE Open Build Service versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. The issue has been addressed in security u...

CVSS 7.5, AI score 5.6, EPSS 0.01817

added 2022/03/09 4:26 p.m., 96 views

CVE-2021-36777

CVE-2021-36777 affects openSUSE Build service login-proxy-scripts (pre-dc000cdfe9b9b715fb92195b1a57559362f689ef). The issue is a vulnerability in the login-proxy that relies on untrusted inputs, allowing an attacker to present a user with the expected login form and then have clear-text credentia...

CVSS 8.8, AI score 8.3, EPSS 0.00895

added 2022/05/03 7:50 a.m., 82 views

CVE-2022-21949

CVE-2022-21949 describes an XXE vulnerability in SUSE Open Build Service (OBS) prior to version 2.10.13. The issue allows remote attackers to reference external entities during certain operations, enabling information disclosure and potential escalation to Admin privileges on OBS. Affected produc...

CVSS 9, AI score 8.9, EPSS 0.01735

added 2018/06/07 1:0 p.m., 73 views

CVE-2018-7689

The vulnerability CVE-2018-7689 affects openSUSE Open Build Service prior to version 2.9.3. The root cause is missing permission checks in the InitializeDevelPackage function, enabling authenticated users to modify packages for which they do not have write access. Impact is authenticated access t...

CVSS 7.1, AI score 6, EPSS 0.01208

added 2018/03/01 7:0 p.m., 70 views

CVE-2017-9268

Open Build Service vulnerability CVE-2017-9268: In OSS before 201707022, the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to perform operations on projects they should not access, leading to denial of service (resource consumption). Affec...

CVSS 6.5, AI score 5.4, EPSS 0.00612

added 2020/05/19 2:25 p.m., 67 views

CVE-2020-8021

CVE-2020-8021 concerns Open Build Service (OBS). An improper access control vulnerability allows remote attackers to read files of an OBS package where sourceaccess/access is disabled. Affected OBS versions are prior to 2.10.5. Per available documents, the remediation is to upgrade to a fixed ver...

CVSS 5.3, AI score 5.3, EPSS 0.01267

added 2020/05/13 2:50 p.m., 61 views

CVE-2020-8020

CVE-2020-8020 concerns an improper neutralization of input during web page generation in open-build-service, enabling remote attackers to store arbitrary JavaScript and trigger XSS. Affected: openSUSE/open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. Severity is mediu...

CVSS 6.5, AI score 6.3, EPSS 0.00894

added 2020/09/01 11:55 a.m., 59 views

CVE-2018-12475

The CVE-2018-12475 entry concerns an Externally Controlled Reference to a Resource in Another Sphere in openSUSE Open Build Service’s obs-service-download_files component. The vulnerability allows authenticated users to generate HTTP requests targeting internal networks, potentially leading to da...

CVSS 6.5, AI score 5.5, EPSS 0.0061

added 2018/06/07 1:0 p.m., 59 views

CVE-2018-7688

CVE-2018-7688 describes a missing permission check in the review handling of openSUSE Open Build Service prior to version 2.9.3, which could allow any authenticated user to modify sources in projects where they lack write permissions. The vulnerability affects the Open Build Service workflow and ...

CVSS 7.1, AI score 6.4, EPSS 0.01101

added 2018/06/11 3:0 p.m., 56 views

CVE-2011-4181

The CVE-2011-4181 entry describes a vulnerability in the SUSE Open Build Service (OBS) where remote attackers can access source files even when source access is disabled. Affected releases include OBS up to version 2.1.15 (for 2.1) and all versions prior to 2.3. Details on root cause are not prov...

CVSS 7.5, AI score 6.1, EPSS 0.01441

added 2018/03/01 7:0 p.m., 56 views

CVE-2017-5188

The CVE-2017-5188 vulnerability affects openSUSE/open-build-service: the bs_worker code, prior to version 20170320, followed relative symlinks to read files outside the package source directory during a build, enabling leakage of private information. Impact in the sources states potential disclos...

CVSS 7.5, AI score 6.3, EPSS 0.01167

added 2021/02/11 3:10 p.m., 55 views

CVE-2020-8031

CVE-2020-8031 affects Open Build Service, with versions prior to 2.10.8 vulnerable to a Cross-site Scripting issue where remote attackers can store JavaScript in markdown that is not properly escaped, impacting confidentiality and integrity. The vulnerability is tied to improper input neutralizat...

CVSS 6.3, AI score 5.7, EPSS 0.00748

added 2018/08/01 3:0 p.m., 53 views

CVE-2018-12466

openSUSE openbuildservice is affected (before 9.2.4). The issue allows authenticated users to delete packages on specific projects via project links. Root cause and patch details are not provided in the documents; no exploitation details are listed. No remediation information is stated.

CVSS 6.5, AI score 5.3, EPSS 0.00805

added 2018/10/09 1:0 p.m., 51 views

CVE-2018-12478

CVE-2018-12478 affects the Open Build Service (OBS) used by openSUSE. The vulnerability is described as an improper input validation flaw that could allow remote attackers to extract files from the system hosting OBS. Affected releases are listed as openSUSE Open Build Service with status unknown...

CVSS 6.5, AI score 5.8, EPSS 0.01504

added 2018/08/01 3:0 p.m., 50 views

CVE-2018-12467

Technical details about CVE-2018-12467 are not provided in the connected documents. Current records reference the vulnerability but do not disclose affected products, root cause, impact, or fixes. Monitor for updates.

CVSS 6.5, AI score 6.2, EPSS 0.00645

added 2018/10/09 1:0 p.m., 50 views

CVE-2018-12479

CVE-2018-12479 pertains to the Open Build Service (OBS) used in openSUSE. The vulnerability is an Improper Input Validation flaw that enables remote attackers to cause a DoS by specifying crafted request IDs. The affected releases are the Open Build Service versions prior to 01b015ca2a320afc4fae8...

CVSS 7.5, AI score 6.9, EPSS 0.01745

added 2018/03/20 6:0 p.m., 49 views

CVE-2011-3178

The CVE-2011-3178 entry affects the web UI of openbuildservice prior to version 2.3.0. A code injection vulnerability in the project rebuildtimes statistics could be exploited by authorized attackers to execute shellcode. Impact is described as able to run arbitrary code with the attacker’s privi...

CVSS 8.8, AI score 8.7, EPSS 0.01329

added 2018/06/08 5:0 p.m., 48 views

CVE-2013-3703

CVE-2013-3703 concerns the Open Build Service API controller prior to version 2.4.4. The root cause is a missing write-permission check, which allows an authenticated attacker to add or remove user roles from packages and/or project metadata. The vulnerability applies to the Open Build Service AP...

CVSS 8.8, AI score 6.8, EPSS 0.00927

added 2018/06/13 1:0 p.m., 47 views

CVE-2011-4183

CVE-2011-4183 concerns openSUSE/open Build Service (OBS). The vulnerability allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE Open Build Service prior to 2.1.16. Root cause details in the sources indicate a file-upload mechanism flaw that permits unauthorized RPM u...

CVSS 9.8, AI score 8.1, EPSS 0.0155

added 2018/06/08 5:0 p.m., 47 views

CVE-2014-0593

The CVE concerns obs-service-set_version, a script used as a source validator in the Open Build Service (OBS). In versions prior to 0.5.3-1.1 the set_version script did not properly sanitize user input, allowing code execution on the executing server. Public references in the connected documents ...

CVSS 10, AI score 9, EPSS 0.01869

added 2018/06/08 5:0 p.m., 45 views

CVE-2014-0594

The CVE-2014-0594 entry corresponds to the Open Build Service (OBS) before version 2.4.6, where CSRF protection was incorrectly disabled in the web interface. This allows an attacker to issue requests without user consent, with impact across confidentiality, integrity, and availability as reflect...

CVSS 8.8, AI score 8.8, EPSS 0.00832