CVE-2014-0594
HIGHOpen Build Service < 2.4.6 - Cross-Site Request Forgery
Title source: llmDescription
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=870606
Scores
CVSS v3
8.8
EPSS
0.0013
EPSS Percentile
32.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
opensuse/open_build_service
< 2.4.6
Published
Jun 08, 2018
Tracked Since
Feb 18, 2026