HIGH7.5CVE-2018-12479A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. from 0, < 2.9.4-1
HIGH7.5CVE-2017-5188The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package sourc… from 0, < 2.7.4-3
MEDIUM6.5CVE-2018-12467Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:In… from 0, < 2.9.4-1
MEDIUM6.5openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
from 0, < 2.9.4-4
MEDIUM6.5Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to…
from 0, < 2.9.4-1
MEDIUM6.5A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sou…
from 0, < 2.9.4-1
MEDIUM6.5In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenti…
from 0, < 2.9.4-1
MEDIUM6.1open-build-service - security update
from 0, < 2.9.4-4
MEDIUM6.1open-build-service - security update
from 0, < 2.7.1-10+deb9u1
MEDIUM5.4A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote at…
from 0, < 2.9.4-4
MEDIUM5.3a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceac…
from 0, < 2.9.4-4