CVE-2018-7689

Summary

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

Affected Software

VendorProductVersion RangeStatus
openSUSEOpen Build Serviceunspecified < 2.9.3affected

Weaknesses

  • CWE-862: CWE-862

ADP Enrichment

CVE Program Container

Additional References

References