CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12479 – Request controller allows to create requests with arbitrary request IDs
https://notcve.org/view.php?id=CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. Una vulnerabilidad de validación de entradas incorrecta en Open Build Service permite que los atacantes remotos provoquen una denegación de servicio (DoS) especificando ID de petición manipulados. Las versiones afectadas son openSUSE Open Build Service en versiones anteriores a la 01b015ca2a320afc4fae823465d1e72da8bd60df. • https://bugzilla.suse.com/show_bug.cgi?id=1108435 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12466 – openbuildservice allowed deleting packages via project links
https://notcve.org/view.php?id=CVE-2018-12466
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. CVE-2018-12466 openSUSE openbuildservice en versiones anteriores a la 9.2.4 permitía que usuarios autenticados eliminasen paquetes en proyectos específicos con enlaces de proyecto. • http://www.securityfocus.com/bid/104958 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466 https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063 • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12467 – delete package via link exploit in open buildservice
https://notcve.org/view.php?id=CVE-2018-12467
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. Los usuarios autorizados de openbuildservice en versiones anteriores a la 2.9.4 podrían eliminar paquetes empleando una petición maliciosa contra los proyectos que tienen el atributo OBS:InitializeDevelPackage. Este problema es similar a CVE-2018-7689. • https://bugzilla.suse.com/show_bug.cgi?id=1100217 https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063 • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4183 – open build service allows anyone to upload rpms
https://notcve.org/view.php?id=CVE-2011-4183
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. Una vulnerabilidad en Open Build Service permite que atacantes remotos suban archivos RPM arbitrarios. Las versiones afectadas son SUSE Open Build Service en versiones anteriores a la 2.1.16. • https://bugzilla.suse.com/show_bug.cgi?id=736243 https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4181 – open build service information leak via unauthorized source access
https://notcve.org/view.php?id=CVE-2011-4181
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. Una vulnerabilidad en open build service permite que atacantes remotos obtengan acceso a archivos de origen aunque el acceso a origen esté deshabilitado. Las versiones afectadas son SUSE open build service hasta (e incluyendo) la versión 2.1.15 (para 2.1) y las anteriores a la 2.3. • https://bugzilla.suse.com/show_bug.cgi?id=734003 https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e • CWE-20: Improper Input Validation CWE-284: Improper Access Control •