CVE-2018-7689

Опубликовано: 07 июн. 2018

Источник: debian

EPSS Низкий

Описание

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
open-build-service	fixed	2.9.4-1		package
open-build-service	no-dsa		stretch	package

Примечания

https://bugzilla.suse.com/show_bug.cgi?id=1094819
https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b

EPSS

Процентиль: 38%

0.00165

Низкий

Связанные уязвимости

CVE-2018-7689

CVSS3: 7.1

ubuntu

больше 7 лет назад

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

CVE-2018-7689

CVSS3: 7.1

nvd

больше 7 лет назад

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

GHSA-mcfv-wm6f-9ch2

CVSS3: 6.5

github

больше 3 лет назад

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

EPSS

Процентиль: 38%

0.00165

Низкий