Suse Open Build Service vulnerabilities

5 known vulnerabilities affecting suse/open_build_service.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-21949HIGHCVSS 8.8≥ Open Build Service, < 2.10.132022-05-03
CVE-2022-21949 [HIGH] CWE-611 CVE-2022-21949: A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service all A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service ver
cvelistv5nvd
CVE-2011-4183CRITICALCVSS 9.8≥ unspecified, < 2.1.162018-06-13
CVE-2011-4183 [MEDIUM] CWE-862 CVE-2011-4183: A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affecte A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.
cvelistv5nvd
CVE-2011-4181HIGHCVSS 7.5≥ unspecified, ≤ 2.1.15≥ unspecified, < 2.32018-06-11
CVE-2011-4181 [HIGH] CWE-284 CVE-2011-4181: A vulnerability in open build service allows remote attackers to gain access to source files even th A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.
cvelistv5nvd
CVE-2015-0796HIGHCVSS 7.8≥ 2.6, < 2.6.3≥ 2.5, < 2.5.7+1 more2018-03-02
CVE-2015-0796 [MEDIUM] CWE-434 CVE-2015-0796: In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patc In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.
cvelistv5nvd
CVE-2017-9268MEDIUMCVSS 6.5≥ unspecified, < 20170722 git2018-03-01
CVE-2017-9268 [MEDIUM] CWE-285 CVE-2017-9268: In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong pro In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).
cvelistv5nvd