CVE-2017-9268
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | open build service | unspecified < 20170722 git | affected |
Weaknesses
- incorrect permission checking lead to authenticated users to cause rebuilds or allowing wiping binaries in other projects.
- CWE-285: CWE-285
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.suse.com/show_bug.cgi?id=1045519
- https://github.com/openSUSE/open-build-service/pull/3267
References
- https://bugzilla.suse.com/show_bug.cgi?id=1045519
- https://github.com/openSUSE/open-build-service/pull/3267
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.