CVE-2018-7688
HIGHOpensuse Open Build Service < 2.9.3 - Missing Authorization
Title source: ruleDescription
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
References (3)
Core 3
Core References
Patch x_refsource_confirm
https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7688
Mailing List mailing-list
x_refsource_mlist
https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
Scores
CVSS v3
7.1
EPSS
0.0016
EPSS Percentile
37.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Details
CWE
CWE-862
Status
published
Products (1)
opensuse/open_build_service
< 2.9.3
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026