CVE-2011-4181

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGH

EPSS

0.2%

top 55.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Open Build Service Opensuse Open Build Service

Timeline

PublishedJun 11

Latest updateMay 13

Description

A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5suse/open_build_serviceunspecified — 2.3+1

▶NVDopensuse/open_build_service2.1.0 — 2.1.16

▶Ubuntuopen-build-service< 2.7.4-2

🔴Vulnerability Details

GHSA

GHSA-q8vv-4hq4-vm9q: A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled↗2022-05-13

▶

OSV

CVE-2011-4181: A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled↗2018-06-11

▶

CVEList

open build service information leak via unauthorized source access↗2018-06-11

▶

📋Vendor Advisories

Debian

CVE-2011-4181: open-build-service - A vulnerability in open build service allows remote attackers to gain access to ...↗2011

▶