CVE-2018-12466

CWE-285CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensuse Open Build ServiceOpensuse Openbuildservice
Timeline
PublishedAug 1
Latest updateMay 13

Description

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5opensuse/openbuildserviceunspecified2.9.4
Debianopen-build-service< 2.9.4-4

🔴Vulnerability Details

3
GHSA
GHSA-3mj8-3cm6-5whc: openSUSE openbuildservice before 92022-05-13
CVEList
openbuildservice allowed deleting packages via project links2018-08-01
OSV
CVE-2018-12466: openSUSE openbuildservice before 92018-08-01

📋Vendor Advisories

1
Debian
CVE-2018-12466: open-build-service - openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete pac...2018
CVE-2018-12466 (MEDIUM CVSS 6.5) | openSUSE openbuildservice before 9. | cvebase.io