Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for openbuildservice by opensuse

    CVE-2018-12467 (GCVE-0-2018-12467)

    Vulnerability from nvd – Published: 2018-08-01 15:00 – Updated: 2024-09-16 18:34
    VLAI
    Title
    delete package via link exploit in open buildservice
    Summary
    Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    opensuse openbuildservice Affected: unspecified , < 9.2.4 (custom)
    Create a notification for this product.
    Date Public
    2018-07-24 00:00
    Credits
    Marcus Hüwe
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:06.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openbuildservice",
              "vendor": "opensuse",
              "versions": [
                {
                  "lessThan": "9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcus H\u00fcwe"
            }
          ],
          "datePublic": "2018-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:00.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100217"
            }
          ],
          "source": {
            "defect": [
              "1098934"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "delete package via link exploit in open buildservice",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-07-24T00:00:00.000Z",
              "ID": "CVE-2018-12467",
              "STATE": "PUBLIC",
              "TITLE": "delete package via link exploit in open buildservice"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openbuildservice",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opensuse"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcus H\u00fcwe"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1100217",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100217"
                }
              ]
            },
            "source": {
              "defect": [
                "1098934"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-12467",
        "datePublished": "2018-08-01T15:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:59.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12466 (GCVE-0-2018-12466)

    Vulnerability from nvd – Published: 2018-08-01 15:00 – Updated: 2024-09-17 00:40
    VLAI
    Title
    openbuildservice allowed deleting packages via project links
    Summary
    openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    opensuse openbuildservice Affected: unspecified , ≤ 2.9.4 (custom)
    Create a notification for this product.
    Date Public
    2018-07-24 00:00
    Credits
    Marcus Hüwe
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:05.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104958",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openbuildservice",
              "vendor": "opensuse",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcus H\u00fcwe"
            }
          ],
          "datePublic": "2018-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:57.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "104958",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
            }
          ],
          "source": {
            "defect": [
              "1098934"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "openbuildservice allowed deleting packages via project links",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2018-07-24T00:00:00.000Z",
              "ID": "CVE-2018-12466",
              "STATE": "PUBLIC",
              "TITLE": "openbuildservice allowed deleting packages via project links"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openbuildservice",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.9.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opensuse"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcus H\u00fcwe"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104958",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104958"
                },
                {
                  "name": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
                }
              ]
            },
            "source": {
              "defect": [
                "1098934"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-12466",
        "datePublished": "2018-08-01T15:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:29.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3178 (GCVE-0-2011-3178)

    Vulnerability from nvd – Published: 2018-03-20 18:00 – Updated: 2024-09-16 20:47
    VLAI
    Title
    openbuildservice webui code injection
    Summary
    In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    opensuse openbuildservice Affected: unspecified , < 2.3.0 (custom)
    Create a notification for this product.
    Date Public
    2011-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:22:27.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=723788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openbuildservice",
              "vendor": "opensuse",
              "versions": [
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2011-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "shell code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:24.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=723788"
            }
          ],
          "source": {
            "defect": [
              "723788"
            ],
            "discovery": "INTERNAL"
          },
          "title": "openbuildservice webui code injection",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2011-10-13T00:00:00.000Z",
              "ID": "CVE-2011-3178",
              "STATE": "PUBLIC",
              "TITLE": "openbuildservice webui code injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openbuildservice",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opensuse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "shell code injection"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=723788",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=723788"
                }
              ]
            },
            "source": {
              "defect": [
                "723788"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2011-3178",
        "datePublished": "2018-03-20T18:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:47:59.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12467 (GCVE-0-2018-12467)

    Vulnerability from cvelistv5 – Published: 2018-08-01 15:00 – Updated: 2024-09-16 18:34
    VLAI
    Title
    delete package via link exploit in open buildservice
    Summary
    Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    opensuse openbuildservice Affected: unspecified , < 9.2.4 (custom)
    Create a notification for this product.
    Date Public
    2018-07-24 00:00
    Credits
    Marcus Hüwe
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:06.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openbuildservice",
              "vendor": "opensuse",
              "versions": [
                {
                  "lessThan": "9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcus H\u00fcwe"
            }
          ],
          "datePublic": "2018-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:00.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100217"
            }
          ],
          "source": {
            "defect": [
              "1098934"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "delete package via link exploit in open buildservice",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-07-24T00:00:00.000Z",
              "ID": "CVE-2018-12467",
              "STATE": "PUBLIC",
              "TITLE": "delete package via link exploit in open buildservice"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openbuildservice",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opensuse"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcus H\u00fcwe"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1100217",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100217"
                }
              ]
            },
            "source": {
              "defect": [
                "1098934"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-12467",
        "datePublished": "2018-08-01T15:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:59.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12466 (GCVE-0-2018-12466)

    Vulnerability from cvelistv5 – Published: 2018-08-01 15:00 – Updated: 2024-09-17 00:40
    VLAI
    Title
    openbuildservice allowed deleting packages via project links
    Summary
    openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    opensuse openbuildservice Affected: unspecified , ≤ 2.9.4 (custom)
    Create a notification for this product.
    Date Public
    2018-07-24 00:00
    Credits
    Marcus Hüwe
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:05.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104958",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openbuildservice",
              "vendor": "opensuse",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcus H\u00fcwe"
            }
          ],
          "datePublic": "2018-07-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:57.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "104958",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
            }
          ],
          "source": {
            "defect": [
              "1098934"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "openbuildservice allowed deleting packages via project links",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2018-07-24T00:00:00.000Z",
              "ID": "CVE-2018-12466",
              "STATE": "PUBLIC",
              "TITLE": "openbuildservice allowed deleting packages via project links"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openbuildservice",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.9.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opensuse"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcus H\u00fcwe"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104958",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104958"
                },
                {
                  "name": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
                }
              ]
            },
            "source": {
              "defect": [
                "1098934"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-12466",
        "datePublished": "2018-08-01T15:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:29.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3178 (GCVE-0-2011-3178)

    Vulnerability from cvelistv5 – Published: 2018-03-20 18:00 – Updated: 2024-09-16 20:47
    VLAI
    Title
    openbuildservice webui code injection
    Summary
    In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    opensuse openbuildservice Affected: unspecified , < 2.3.0 (custom)
    Create a notification for this product.
    Date Public
    2011-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:22:27.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=723788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openbuildservice",
              "vendor": "opensuse",
              "versions": [
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2011-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "shell code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:24.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=723788"
            }
          ],
          "source": {
            "defect": [
              "723788"
            ],
            "discovery": "INTERNAL"
          },
          "title": "openbuildservice webui code injection",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2011-10-13T00:00:00.000Z",
              "ID": "CVE-2011-3178",
              "STATE": "PUBLIC",
              "TITLE": "openbuildservice webui code injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openbuildservice",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opensuse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "shell code injection"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/openSUSE/open-build-service/commit/cbfe2ed36dd77c0843702935dea7f914bb599201"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=723788",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=723788"
                }
              ]
            },
            "source": {
              "defect": [
                "723788"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2011-3178",
        "datePublished": "2018-03-20T18:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:47:59.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }