The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
References
Configurations
History
21 Nov 2024, 01:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=828256 - | |
References | () https://github.com/openSUSE/open-build-service/commit/06ad7fdbdd7eb2fef8947d14c4cdd00d8f6387b1 - | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 8.8 |
07 Nov 2023, 02:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/openSUSE/open-build-service/commit/06ad7fdbdd7eb2fef8947d14c4cdd00d8f6387b1 - | |
References | () https://bugzilla.suse.com/show_bug.cgi?id=828256 - |
Information
Published : 2018-06-08 17:29
Updated : 2024-11-21 01:54
NVD link : CVE-2013-3703
Mitre link : CVE-2013-3703
CVE.ORG link : CVE-2013-3703
JSON object : View
Products Affected
opensuse
- open_build_service