Published: 01/08/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Authorized users of the openbuildservice prior to 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse open build service

Debian Bug report logs - #903797 open-build-service: CVE-2018-7689 Package: src:open-build-service; Maintainer for src:open-build-service is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 14 Jul 2018 22:09:01 UTC S ...

Debian Bug report logs - #911797 Multiple vulnerabilities Package: src:open-build-service; Maintainer for src:open-build-service is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 24 Oct 2018 21:36:01 UTC Severity: grave ...

Debian Bug report logs - #903796 open-build-service: CVE-2018-7688 Package: src:open-build-service; Maintainer for src:open-build-service is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 14 Jul 2018 22:06:02 UTC S ...

CWE-732 https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063 https://bugzilla.suse.com/show_bug.cgi?id=1100217 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903797

CVE-2018-12467

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect