Vulnerabilities > Opensuse > Open Build Service > 0.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-21949 | XXE vulnerability in Opensuse Open Build Service A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 9.0 |
| 2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. | 8.8 |
| 2021-02-11 | CVE-2020-8031 | Cross-site Scripting vulnerability in Opensuse Open Build Service A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. | 3.5 |
| 2020-05-19 | CVE-2020-8021 | Improper Privilege Management vulnerability in multiple products a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | 4.3 |
| 2020-05-13 | CVE-2020-8020 | Cross-site Scripting vulnerability in multiple products A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. | 4.3 |
| 2019-11-05 | CVE-2019-3685 | Improper Certificate Validation vulnerability in Opensuse Open Build Service Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary | 6.8 |
| 2018-10-02 | CVE-2018-12473 | Path Traversal vulnerability in Opensuse Open Build Service A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. | 7.5 |
| 2018-08-01 | CVE-2018-12466 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |
| 2018-06-13 | CVE-2011-4183 | Unrestricted Upload of File with Dangerous Type vulnerability in Opensuse Open Build Service A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. | 9.8 |
| 2018-06-08 | CVE-2014-0594 | Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | 8.8 |