Opensuse Open Build Service — known CVE vulnerabilities
Every CVE whose affected-product data names Opensuse Open Build Service, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2013-3703 — CVSS 8.8 (high): The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker…
CVE-2022-21949 — CVSS 8.8 (high): A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference…
CVE-2014-0594 — CVSS 8.8 (high): In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for…
CVE-2011-3178 — CVSS 8.1 (high): In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized…
CVE-2021-36777 — CVSS 8.1 (high): A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to…
CVE-2014-0593 — CVSS 7.8 (high): The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to…
CVE-2011-4181 — CVSS 7.5 (high): A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled…
CVE-2019-3685 — CVSS 7.4 (high): Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
CVE-2018-7688 — CVSS 7.1 (high): A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify…
CVE-2018-7689 — CVSS 7.1 (high): Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to…
CVE-2018-12479 — CVSS 6.5 (medium): A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs…
CVE-2018-12475 — CVSS 6.5 (medium): A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build…
CVE-2011-4183 — CVSS 6.5 (medium): A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service…
CVE-2020-8020 — CVSS 6.5 (medium): A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store…
CVE-2020-8031 — CVSS 6.3 (medium): A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote…
CVE-2018-12467 — CVSS 6.0 (medium): Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the…
CVE-2020-8021 — CVSS 5.3 (medium): a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the…
CVE-2017-5188 — CVSS 5.0 (medium): The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package…
CVE-2018-12478 — CVSS 4.8 (medium): A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service…
CVE-2017-9268 — CVSS 4.4 (medium): In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing…
CVE-2018-12466 — CVSS 4.4 (medium): openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
CVE-2018-12473 — CVSS 3.1 (low): A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in…