CVE-2015-0796

CWE-434Unrestricted File UploadCWE-594 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 63.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse Open Build ServiceOpensuse Open Buildservice
Timeline
PublishedMar 2
Latest updateMay 13

Description

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5suse/open_build_service2.62.6.3+2
NVDopensuse/open_buildservice2.42.4.8+2

🔴Vulnerability Details

2
GHSA
GHSA-p785-598g-mxcr: In open buildservice 22022-05-13
CVEList
open build service source server symlink exploitation via source patch2018-03-02

📋Vendor Advisories

1
Debian
CVE-2015-0796: open-build-service - In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the...2015
CVE-2015-0796 (HIGH CVSS 7.8) | In open buildservice 2.6 before 2.6 | cvebase.io