A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NOpensuse Open Build Service
APPOpensuse< 2021-10-08
Powiązane podatności
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote...
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc...
A vulnerability in open build service allows remote attackers to gain access to source files even though sourc...
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web in...
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Servic...