Lucene search
K
OpensuseOpen Build Service*

13 matches found

CVE
CVE
added 2019/11/05 9:30 a.m.140 views

CVE-2019-3685

Open Build Service osc client did not validate TLS certificates for HTTPS connections before version 0.165.4. Affected components: osc binary used by Open Build Service. Impact: potential trust/security risk due to improper TLS validation (CVSS data in sources indicates high severity). Remediatio...

7.7CVSS7.6AI score0.00714EPSS
CVE
CVE
added 2022/03/09 4:26 p.m.98 views

CVE-2021-36777

CVE-2021-36777 affects openSUSE Build service login-proxy-scripts (pre-dc000cdfe9b9b715fb92195b1a57559362f689ef). The issue is a vulnerability in the login-proxy that relies on untrusted inputs, allowing an attacker to present a user with the expected login form and then have clear-text credentia...

8.8CVSS8.3AI score0.00895EPSS
CVE
CVE
added 2022/05/03 7:50 a.m.82 views

CVE-2022-21949

CVE-2022-21949 describes an XXE vulnerability in SUSE Open Build Service (OBS) prior to version 2.10.13. The issue allows remote attackers to reference external entities during certain operations, enabling information disclosure and potential escalation to Admin privileges on OBS. Affected produc...

9CVSS8.9AI score0.01735EPSS
CVE
CVE
added 2018/06/07 1:0 p.m.74 views

CVE-2018-7689

The vulnerability CVE-2018-7689 affects openSUSE Open Build Service prior to version 2.9.3. The root cause is missing permission checks in the InitializeDevelPackage function, enabling authenticated users to modify packages for which they do not have write access. Impact is authenticated access t...

7.1CVSS6AI score0.01208EPSS
CVE
CVE
added 2020/05/19 2:25 p.m.67 views

CVE-2020-8021

CVE-2020-8021 concerns Open Build Service (OBS). An improper access control vulnerability allows remote attackers to read files of an OBS package where sourceaccess/access is disabled. Affected OBS versions are prior to 2.10.5. Per available documents, the remediation is to upgrade to a fixed ver...

5.3CVSS5.3AI score0.01267EPSS
CVE
CVE
added 2020/05/13 2:50 p.m.61 views

CVE-2020-8020

CVE-2020-8020 concerns an improper neutralization of input during web page generation in open-build-service, enabling remote attackers to store arbitrary JavaScript and trigger XSS. Affected: openSUSE/open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. Severity is mediu...

6.5CVSS6.3AI score0.00894EPSS
CVE
CVE
added 2018/06/07 1:0 p.m.59 views

CVE-2018-7688

CVE-2018-7688 describes a missing permission check in the review handling of openSUSE Open Build Service prior to version 2.9.3, which could allow any authenticated user to modify sources in projects where they lack write permissions. The vulnerability affects the Open Build Service workflow and ...

7.1CVSS6.4AI score0.01101EPSS
CVE
CVE
added 2021/02/11 3:10 p.m.56 views

CVE-2020-8031

CVE-2020-8031 affects Open Build Service, with versions prior to 2.10.8 vulnerable to a Cross-site Scripting issue where remote attackers can store JavaScript in markdown that is not properly escaped, impacting confidentiality and integrity. The vulnerability is tied to improper input neutralizat...

6.3CVSS5.7AI score0.00748EPSS
CVE
CVE
added 2018/08/01 3:0 p.m.53 views

CVE-2018-12466

openSUSE openbuildservice is affected (before 9.2.4). The issue allows authenticated users to delete packages on specific projects via project links. Root cause and patch details are not provided in the documents; no exploitation details are listed. No remediation information is stated.

6.5CVSS5.3AI score0.00805EPSS
CVE
CVE
added 2018/03/20 6:0 p.m.50 views

CVE-2011-3178

The CVE-2011-3178 entry affects the web UI of openbuildservice prior to version 2.3.0. A code injection vulnerability in the project rebuildtimes statistics could be exploited by authorized attackers to execute shellcode. Impact is described as able to run arbitrary code with the attacker’s privi...

8.8CVSS8.7AI score0.01329EPSS
CVE
CVE
added 2018/08/01 3:0 p.m.50 views

CVE-2018-12467

Technical details about CVE-2018-12467 are not provided in the connected documents. Current records reference the vulnerability but do not disclose affected products, root cause, impact, or fixes. Monitor for updates.

6.5CVSS6.2AI score0.00645EPSS
CVE
CVE
added 2018/06/13 1:0 p.m.47 views

CVE-2011-4183

CVE-2011-4183 concerns openSUSE/open Build Service (OBS). The vulnerability allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE Open Build Service prior to 2.1.16. Root cause details in the sources indicate a file-upload mechanism flaw that permits unauthorized RPM u...

9.8CVSS8.1AI score0.0155EPSS
CVE
CVE
added 2018/06/08 5:0 p.m.45 views

CVE-2014-0594

The CVE-2014-0594 entry corresponds to the Open Build Service (OBS) before version 2.4.6, where CSRF protection was incorrectly disabled in the web interface. This allows an attacker to issue requests without user consent, with impact across confidentiality, integrity, and availability as reflect...

8.8CVSS8.8AI score0.00832EPSS