opensuse open build service

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-21949
< 2.10.13
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to refere
8.8 HIGH
CVE-2021-36777
< 2021-10-08
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attac
8.1 HIGH
CVE-2020-8031
< 2.10.8
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows
6.3 MEDIUM
CVE-2018-12475
all versions
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Bui
6.5 MEDIUM
CVE-2020-8021
< 2.10.5
An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the
5.3 MEDIUM
CVE-2020-8020
< 2020-05-13
An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store
6.5 MEDIUM
CVE-2019-3685
< 0.165.4
Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary
7.4 HIGH
CVE-2018-12479
<= 2.9.4
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request
6.5 MEDIUM
CVE-2018-12478
all versions
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the
4.8 MEDIUM
CVE-2018-12473
<= 0.9.1
A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access file
3.1 LOW
CVE-2018-12467
< 2.9.4
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having t
6.0 MEDIUM
CVE-2018-12466
< 9.2.4
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
4.4 MEDIUM
CVE-2011-4183
< 2.1.16
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build
6.5 MEDIUM
CVE-2011-4181
>= 2.1.0 and < 2.1.16
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled
7.5 HIGH
CVE-2014-0594
< 2.4.6
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing fo
8.8 HIGH
CVE-2014-0593
>= 0.5.3 and < 1.1
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions
7.8 HIGH
CVE-2013-3703
>= 2.4.0 and < 2.4.4
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated
8.8 HIGH
CVE-2018-7689
< 2.9.3
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated
7.1 HIGH
CVE-2018-7688
< 2.9.3
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to m
7.1 HIGH
CVE-2011-3178
< 2.3.0
In the web UI of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by author
8.1 HIGH
CVE-2015-0796
>= 2.4 and < 2.4.8
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate n
6.3 MEDIUM
CVE-2017-9268
<= 2.8.2
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing
4.4 MEDIUM
CVE-2017-5188
<= 2.7.3
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the pack
5.0 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin