CVE-2018-7688
7.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Summary
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openSUSE | Open Build Service | unspecified < 2.9.3 | affected |
Weaknesses
- CWE-862: CWE-862
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7688
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
References
- https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7688
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.