
Open Build Service — Vulnerabilities & Security Advisories (19)

All 19 CVE vulnerabilities found in Open Build Service, with AI-generated Chinese analysis, references, and POCs.

Vendor: SUSE

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-21949 | Multiple XXE vulnerabilities in OBS | CWE-611 | 8.8 | High | 2022-05-03 |
| CVE-2020-8031 | obs: Stored XSS | CWE-79 | 6.3 | Medium | 2021-02-11 |
| CVE-2018-12475 | obs-service-download_files allows downloading from localhost or intranet hosts | CWE-610 | 6.5 | Medium | 2020-09-01 |
| CVE-2020-8021 | unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service | CWE-269 | 5.3 | Medium | 2020-05-19 |
| CVE-2019-3685 | Missing TLS certificate validation for HTTPS connections in osc | CWE-295 | 7.4 | High | 2019-11-05 |
| CVE-2018-12474 | Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm | CWE-20 | 8.8 | - | 2018-10-09 |
| CVE-2018-12477 | obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories | CWE-93 | 6.5 | - | 2018-10-09 |
| CVE-2018-12478 | obs-service-replace_using_package_version allows to specify arbitrary input files | CWE-20 | 6.5 | - | 2018-10-09 |
| CVE-2018-12479 | Request controller allows to create requests with arbitrary request IDs | CWE-20 | 7.5 | - | 2018-10-09 |
| CVE-2018-12473 | path traversal in obs-service-tar_scm | CWE-23 | 7.5 | - | 2018-10-02 |
| CVE-2011-4183 | open build service allows anyone to upload rpms | CWE-862 | 9.8 | - | 2018-06-13 |
| CVE-2011-4181 | open build service information leak via unauthorized source access | CWE-284 | 7.5 | - | 2018-06-11 |
| CVE-2014-0594 | CSRF protection incorrectly disabled | CWE-352 | 8.8 | - | 2018-06-08 |
| CVE-2013-3703 | No write permission check in change_role command | CWE-862 | 6.5 | - | 2018-06-08 |
| CVE-2018-7688 | Open Build Service accepts arbitrary reviews | CWE-862 | 6.5 | - | 2018-06-07 |
| CVE-2018-7689 | Open Build Service arbitrary package modification | CWE-862 | 6.5 | - | 2018-06-07 |
| CVE-2015-0796 | open build service source server symlink exploitation via source patch | | 7.7 | - | 2018-03-02 |
| CVE-2017-5188 | OBS worker VM escape via relative symbolic links | | 6.5 | - | 2018-03-01 |
| CVE-2017-9268 | open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions | | 6.5 | - | 2018-03-01 |

All 19 known CVE vulnerabilities affecting Open Build Service with full Chinese analysis, references, and POCs where available.