Vulnerabilities > CVE-2018-7689 - Missing Authorization vulnerability in Opensuse Open Build Service
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7689
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-7689
- https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
- https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html
- https://lists.opensuse.org/opensuse-buildservice/2018-06/msg00014.html