Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7689 | 1 Opensuse | 1 Open Build Service | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. | |||||
CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. |