The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HOpensuse Open Build Service
APPOpensuse2.4.0 – 2.4.4 (bez)
Powiązane podatności
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote...
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build s...
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc...
A vulnerability in open build service allows remote attackers to gain access to source files even though sourc...
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web in...