CPE Details
openSUSE Open Build Service (OBS) 2.10.5
2.10.5
2020-05-21
12h41 +00:00
12h41 +00:00
2020-05-21
12h41 +00:00
12h41 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:opensuse:open_build_service:2.10.5:*:*:*:*:*:*:*
Informations
Vendor
opensuseProduct
open_build_serviceVersion
2.10.5Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | 8.8 |
Haute |
||
| A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. | 8.8 |
Haute |
||
| A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8. | 6.3 |
Moyen |
||
| A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. | 6.5 |
Moyen |
||
| openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |
Moyen |
2025©
tesweb SA
