CVE-2018-7689
6.5
MEDIUM
CVSS 3.1
EPSS 0.17%
Description
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
How to fix CVE-2018-7689
To remediate CVE-2018-7689, upgrade the affected package to a fixed version listed below.
- Debian/open-build-service: upgrade to 2.9.4-1 or later
Is CVE-2018-7689 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.9.4-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |