Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

openbuildservice

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2018-12466
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 39.36%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openbuildservice allowed deleting packages via project links

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12467
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6||MEDIUM
EPSS-0.11% / 30.24%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
delete package via link exploit in open buildservice

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2011-3178
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.1||HIGH
EPSS-0.33% / 55.51%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openbuildservice webui code injection

In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')