CVE-2018-12466

Опубликовано: 01 авг. 2018

Источник: debian

EPSS Низкий

Описание

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

Пакет	Статус	Версия исправления	Релиз	Тип
open-build-service	fixed	2.9.4-4		package
open-build-service	no-dsa		stretch	package

https://bugzilla.suse.com/show_bug.cgi?id=1098934
Fixed by: https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
Introduced by: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version

EPSS

Процентиль: 39%

0.00176

Низкий

CVE-2018-12466

CVSS3: 4.4

ubuntu

больше 7 лет назад

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

CVE-2018-12466

CVSS3: 4.4

nvd

больше 7 лет назад

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

GHSA-3mj8-3cm6-5whc

CVSS3: 6.5

github

больше 3 лет назад

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

EPSS

Процентиль: 39%

0.00176

Низкий