CVE-2018-7689
7.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Summary
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openSUSE | Open Build Service | unspecified < 2.9.3 | affected |
Weaknesses
- CWE-862: CWE-862
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7689
- https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7689
- https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.