Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
obs-service-download_files allows downloading from localhost or intranet hosts
Vulnerability Description
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
资源在另一范围的外部可控制索引
Vulnerability Title
Open Build Service和SUSE openSUSE 信息泄露漏洞
Vulnerability Description
Open Build Service(OBS)是一套通用的、以自动、一致和可重复的方式从源代码构建和分发软件包的系统。openSUSE是德国SUSE公司的一套基于Linux的自由操作系统与开源社区项目。 openSUSE Open Build service的obs-service-download_文件外部控制引用漏洞,攻击者通过身份验证的用户针对内部网络生成HTTP请求,并可能下载暴露敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A