CVE-2018-7688
6.5
MEDIUM
CVSS 3.1
EPSS 0.17%
Description
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
How to fix CVE-2018-7688
To remediate CVE-2018-7688, upgrade the affected package to a fixed version listed below.
- Debian/open-build-service: upgrade to 2.9.4-1 or later
Is CVE-2018-7688 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.9.4-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |