CVE-2011-3178
HIGHopenSUSE Open Build Service < 2.3.0 - Authenticated OS Command Injection via Project Rebuildtimes Statistics
Title source: llmDescription
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=723788
Scores
CVSS v3
8.1
EPSS
0.0133
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-78
CWE-94
Status
published
Products (1)
opensuse/open_build_service
< 2.3.0
Published
Mar 20, 2018
Tracked Since
Feb 18, 2026