Skip to main content

Open Build Service

11 CVEs product

Monthly

CVE-2022-21949 HIGH This Week

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Build Service
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-8021 MEDIUM POC This Month

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Open Build Service Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-8020 MEDIUM This Month

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Build Service Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-3685 HIGH POC This Week

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2018-12479 HIGH This Week

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-12478 MEDIUM This Month

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-12473 HIGH This Week

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Open Build Service
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-12467 MEDIUM This Month

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-12466 MEDIUM This Month

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-7689 MEDIUM This Month

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-7688 MEDIUM This Month

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
EPSS 2% CVSS 8.8
HIGH This Week

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Build Service
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Open Build Service Debian Linux
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Build Service Debian Linux
NVD
EPSS 1% CVSS 7.7
HIGH POC This Week

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Open Build Service
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Open Build Service
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy