← volver
CVE-2018-7688

Open Build Service accepts arbitrary reviews

CVSS 7.1 HIGHEPSS 1.1%CWE-862
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Productos afectados
openSUSE · Open Build Service

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7688https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html