Описание
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| open-build-service | not-affected | package |
Примечания
https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8
https://bugzilla.suse.com/show_bug.cgi?id=870606
EPSS
Процентиль: 34%
0.00134
Низкий
Связанные уязвимости
CVSS3: 8.8
nvd
больше 7 лет назад
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
CVSS3: 8.8
github
больше 3 лет назад
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
EPSS
Процентиль: 34%
0.00134
Низкий