A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HOpensuse Open Build Service
APPOpensuse< 2.10.13
Powiązane podatności
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build s...
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc...
A vulnerability in open build service allows remote attackers to gain access to source files even though sourc...
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web in...
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Servic...