Vulnerabilities > CVE-2018-7688 - Missing Authorization vulnerability in Opensuse Open Build Service
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7688
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7688
- https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
- https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html