Vulnerabilities > Opensuse > Open Build Service
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-21949 | XXE vulnerability in Opensuse Open Build Service A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 9.0 |
| 2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. | 8.8 |
| 2021-02-11 | CVE-2020-8031 | Cross-site Scripting vulnerability in Opensuse Open Build Service A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. | 3.5 |
| 2020-09-01 | CVE-2018-12475 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Opensuse Open Build Service A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. | 5.4 |
| 2020-05-19 | CVE-2020-8021 | Improper Privilege Management vulnerability in multiple products a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | 4.3 |
| 2020-05-13 | CVE-2020-8020 | Cross-site Scripting vulnerability in multiple products A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. | 4.3 |
| 2019-11-05 | CVE-2019-3685 | Improper Certificate Validation vulnerability in Opensuse Open Build Service Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary | 6.8 |
| 2018-10-09 | CVE-2018-12479 | Improper Input Validation vulnerability in Opensuse Open Build Service A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. | 7.5 |
| 2018-10-09 | CVE-2018-12478 | Improper Input Validation vulnerability in Opensuse Open Build Service A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. | 6.5 |
| 2018-10-02 | CVE-2018-12473 | Path Traversal vulnerability in Opensuse Open Build Service A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. | 7.5 |