Open Build Service Security Vulnerabilities and Issues — Open Build Service CVE List

Lucene search

OpensuseOpen Build Service

4 matches found

CVE•added 2022/03/09 5:15 p.m.•81 views

CVE-2021-36777

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service l...

8.8CVSS8.3AI score0.00291EPSS

CVE•added 2018/03/20 6:29 p.m.•40 views

CVE-2011-3178

In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

8.8CVSS8.7AI score0.00333EPSS

CVE•added 2018/06/08 5:29 p.m.•37 views

CVE-2013-3703

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.

8.8CVSS6.8AI score0.00298EPSS

CVE•added 2018/06/08 5:29 p.m.•33 views

CVE-2014-0594

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

8.8CVSS8.8AI score0.00141EPSS