CVE-2018-7689
HIGHopenSUSE Open Build Service < 2.9.3 - Authenticated Missing Authorization in InitializeDevelPackage
Title source: llmDescription
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7689
Patch x_refsource_confirm
https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
Mailing List mailing-list
x_refsource_mlist
https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
Scores
CVSS v3
7.1
EPSS
0.0121
EPSS Percentile
64.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Details
CWE
CWE-862
Status
published
Products (1)
opensuse/open_build_service
< 2.9.3
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026