Known Vulnerabilities for Open Build Service by Opensuse

Listed below are 10 of the newest known vulnerabilities associated with "Open Build Service" by "Opensuse".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2022-21949	A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to r...	8.8 - HIGH	2022-05-03	2022-05-10
CVE-2021-36777	A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed ...	8.8 - HIGH	2022-03-09	2023-07-07
CVE-2020-8031	A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service al...	5.4 - MEDIUM	2021-02-11	2021-02-17
CVE-2020-8021	a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package wher...	5.3 - MEDIUM	2020-05-19	2021-03-15
CVE-2020-8020	A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to ...	6.1 - MEDIUM	2020-05-13	2021-03-15
CVE-2019-3685	Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary	7.7 - HIGH	2019-11-05	2019-11-08
CVE-2018-12467	Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects hav...	6.5 - MEDIUM	2018-08-01	2023-11-07
CVE-2018-12466	openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links...	6.5 - MEDIUM	2018-08-01	2023-11-07
CVE-2018-7689	Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenti...	6.5 - MEDIUM	2018-06-07	2023-11-07
CVE-2018-7688	A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users...	6.5 - MEDIUM	2018-06-07	2023-11-07

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Opensuse	Open Build Service	9.2.4	All	All	All
Application	Opensuse	Open Build Service	2020-05-13	All	All	All
Application	Opensuse	Open Build Service	2.9.6	All	All	All
Application	Opensuse	Open Build Service	2.9.5	All	All	All
Application	Opensuse	Open Build Service	2.9.4	All	All	All
Application	Opensuse	Open Build Service	2.9.3	All	All	All
Application	Opensuse	Open Build Service	2.9.2	All	All	All
Application	Opensuse	Open Build Service	2.9.1	All	All	All
Application	Opensuse	Open Build Service	2.9.0	All	All	All
Application	Opensuse	Open Build Service	2.8.4	All	All	All
Application	Opensuse	Open Build Service	2.8.3	All	All	All
Application	Opensuse	Open Build Service	2.8.2	All	All	All
Application	Opensuse	Open Build Service	2.8.1	All	All	All
Application	Opensuse	Open Build Service	2.8.0	All	All	All
Application	Opensuse	Open Build Service	2.7.4	All	All	All
Application	Opensuse	Open Build Service	2.7.3	All	All	All
Application	Opensuse	Open Build Service	2.7.2	All	All	All
Application	Opensuse	Open Build Service	2.7.1	All	All	All
Application	Opensuse	Open Build Service	2.7.0	All	All	All
Application	Opensuse	Open Build Service	2.6.9	All	All	All

Results limited to 20 most recent known configurations