HIGH🇬🇧 English

CVE-2014-0593

CVSS 7.8v3.0pub. 2018-06-08upd. 2024-11-21

The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Opensuse Open Build Service

    OS
    Opensuse
    0.5.3 – 1.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2022-21949HIGH8.8ten sam produkt

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote...

CVE-2021-36777HIGH8.1ten sam produkt

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build s...

CVE-2019-3685HIGH7.4ten sam produkt

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc...

CVE-2011-4181HIGH7.5ten sam produkt

A vulnerability in open build service allows remote attackers to gain access to source files even though sourc...

CVE-2014-0594HIGH8.8ten sam produkt

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web in...

CVE-2014-0593 — HIGH 7.8 | CVEbaza.pl