ByteOS Network

NVD Vulnerability Details :

CVE-2017-9268

Modified

Source-security@opentext.com

Published At-01 Mar, 2018 | 20:29

Updated At-07 Nov, 2023 | 02:50

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary	3.0	4.4	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

Type: Primary

Version: 3.0

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

openSUSE

>>open_build_service>>Versions up to 2.8.2(inclusive)

cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-732	Primary	nvd@nist.gov
CWE-285	Secondary	security@opentext.com

CWE ID: CWE-732

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-285

Type: Secondary

Source: security@opentext.com

References

Hyperlink	Source	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1045519	security@opentext.com	N/A
https://github.com/openSUSE/open-build-service/pull/3267	security@opentext.com	N/A

Hyperlink: https://bugzilla.suse.com/show_bug.cgi?id=1045519

Source: security@opentext.com

Resource: N/A

Hyperlink: https://github.com/openSUSE/open-build-service/pull/3267

Source: security@opentext.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History