delete package via link exploit in open buildservice
CVE-2018-12467
6MEDIUM
What is CVE-2018-12467?
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
Affected Version(s)
openbuildservice < 9.2.4
References
CVSS V3.1
Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
CVSS V3.0
Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marcus HĂĽwe