CVE-2010-3782
published 2020-01-02CVE-2010-3782: obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | open-build-service | — | — |
| obs-server | obs-server | < 1.7.7 | 1.7.7 |
| suse | linux_enterprise_server | — | — |