Severity: 9.8 CRITICAL
EPSS: 0.4% (top 42.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 13, Latest update May 13

Description

A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 3 packages

CVEListV5 | suse/open_build_service | unspecified | 2.1.16
Ubuntu | open-build-service | < 2.7.4-2

🔴 Vulnerability Details

3
GHSA
GHSA-rqg5-w7gw-xqvq: A vulnerability in open build service allows remote attackers to upload arbitrary RPM files (2022-05-13)
OSV
CVE-2011-4183: A vulnerability in open build service allows remote attackers to upload arbitrary RPM files (2018-06-13)
CVEList
open build service allows anyone to upload rpms (2018-06-13)

📋 Vendor Advisories

1
Debian
CVE-2011-4183: open-build-service - A vulnerability in open build service allows remote attackers to upload arbitrar... (2011)