open build service allows anyone to upload rpms
CVE-2011-4183

6.5MEDIUM

Key Information:

Vendor: Suse
Status: Open Build Service
Vendor: CVE Published:; 13 June 2018

Summary

A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.

Affected Version(s)

open build service < 2.1.16

References

https://github.com/openSUSE/open-build-service/commit/528...

x_refsource_CONFIRM

https://bugzilla.suse.com/show_bug.cgi?id=736243

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2018
Vulnerability Reserved
Oct 25, 2011