open build service information leak via unauthorized source access
CVE-2011-4181

4.3MEDIUM

Key Information:

Vendor: Suse
Status: Open Build Service
Vendor: CVE Published:; 11 June 2018

Summary

A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.

Affected Version(s)

open build service <= 2.1.15

open build service < 2.3

References

https://github.com/openSUSE/open-build-service/commit/528...

x_refsource_CONFIRM

https://bugzilla.suse.com/show_bug.cgi?id=734003

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2018
Vulnerability Reserved
Oct 25, 2011