13 matches found
CVE-2019-3685
Open Build Service osc client did not validate TLS certificates for HTTPS connections before version 0.165.4. Affected components: osc binary used by Open Build Service. Impact: potential trust/security risk due to improper TLS validation (CVSS data in sources indicates high severity). Remediatio...
CVE-2021-36777
CVE-2021-36777 affects openSUSE Build service login-proxy-scripts (pre-dc000cdfe9b9b715fb92195b1a57559362f689ef). The issue is a vulnerability in the login-proxy that relies on untrusted inputs, allowing an attacker to present a user with the expected login form and then have clear-text credentia...
CVE-2022-21949
CVE-2022-21949 describes an XXE vulnerability in SUSE Open Build Service (OBS) prior to version 2.10.13. The issue allows remote attackers to reference external entities during certain operations, enabling information disclosure and potential escalation to Admin privileges on OBS. Affected produc...
CVE-2018-7689
The vulnerability CVE-2018-7689 affects openSUSE Open Build Service prior to version 2.9.3. The root cause is missing permission checks in the InitializeDevelPackage function, enabling authenticated users to modify packages for which they do not have write access. Impact is authenticated access t...
CVE-2020-8021
CVE-2020-8021 concerns Open Build Service (OBS). An improper access control vulnerability allows remote attackers to read files of an OBS package where sourceaccess/access is disabled. Affected OBS versions are prior to 2.10.5. Per available documents, the remediation is to upgrade to a fixed ver...
CVE-2020-8020
CVE-2020-8020 concerns an improper neutralization of input during web page generation in open-build-service, enabling remote attackers to store arbitrary JavaScript and trigger XSS. Affected: openSUSE/open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. Severity is mediu...
CVE-2018-7688
CVE-2018-7688 describes a missing permission check in the review handling of openSUSE Open Build Service prior to version 2.9.3, which could allow any authenticated user to modify sources in projects where they lack write permissions. The vulnerability affects the Open Build Service workflow and ...
CVE-2020-8031
CVE-2020-8031 affects Open Build Service, with versions prior to 2.10.8 vulnerable to a Cross-site Scripting issue where remote attackers can store JavaScript in markdown that is not properly escaped, impacting confidentiality and integrity. The vulnerability is tied to improper input neutralizat...
CVE-2018-12466
openSUSE openbuildservice is affected (before 9.2.4). The issue allows authenticated users to delete packages on specific projects via project links. Root cause and patch details are not provided in the documents; no exploitation details are listed. No remediation information is stated.
CVE-2011-3178
The CVE-2011-3178 entry affects the web UI of openbuildservice prior to version 2.3.0. A code injection vulnerability in the project rebuildtimes statistics could be exploited by authorized attackers to execute shellcode. Impact is described as able to run arbitrary code with the attacker’s privi...
CVE-2018-12467
Technical details about CVE-2018-12467 are not provided in the connected documents. Current records reference the vulnerability but do not disclose affected products, root cause, impact, or fixes. Monitor for updates.
CVE-2011-4183
CVE-2011-4183 concerns openSUSE/open Build Service (OBS). The vulnerability allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE Open Build Service prior to 2.1.16. Root cause details in the sources indicate a file-upload mechanism flaw that permits unauthorized RPM u...
CVE-2014-0594
The CVE-2014-0594 entry corresponds to the Open Build Service (OBS) before version 2.4.6, where CSRF protection was incorrectly disabled in the web interface. This allows an attacker to issue requests without user consent, with impact across confidentiality, integrity, and availability as reflect...