openSUSE Open Build Service Vulnerabilities
Opensuse Open Build Service vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
obs: Stored XSS
CVE-2020-8031OpensuseOpen Build Service6.3MEDIUMobs-service-download_files allows downloading from localhost or intranet hosts
CVE-2018-12475OpensuseOpen Build Service6.5MEDIUMunauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service
CVE-2020-8021OpensuseOpen Build Service5.3MEDIUMPersistent XSS in markdown parser used by obs-server
CVE-2020-8020OpensuseOpen-build-service6.5MEDIUMCrafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm
CVE-2018-12474OpensuseOpen Build Service5.4MEDIUMobs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories
CVE-2018-12477OpensuseOpen Build Service3.5LOWobs-service-replace_using_package_version allows to specify arbitrary input files
CVE-2018-12478OpensuseOpen Build Service4.8MEDIUMRequest controller allows to create requests with arbitrary request IDs
CVE-2018-12479OpensuseOpen Build Service6.5MEDIUMpath traversal in obs-service-tar_scm
CVE-2018-12473OpensuseOpen Build Service3.1LOWNo write permission check in change_role command
CVE-2013-3703OpensuseOpen Build Service8.8HIGHCSRF protection incorrectly disabled
CVE-2014-0594OpensuseOpen Build Service8.8HIGHOpen Build Service accepts arbitrary reviews
CVE-2018-7688OpensuseOpen Build Service7.1HIGHOpen Build Service arbitrary package modification
CVE-2018-7689OpensuseOpen Build Service7.1HIGHOBS worker VM escape via relative symbolic links
CVE-2017-5188OpensuseOpen Build Service5MEDIUM