Vulnerabilities > Opensuse > Open Build Service > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-03 | CVE-2022-21949 | Unspecified vulnerability in Opensuse Open Build Service. An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 8.8 |
2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service. A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker-specified server. | 8.8 |
2019-11-05 | CVE-2019-3685 | Improper Certificate Validation vulnerability in Opensuse Open Build Service. Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary. | 7.7 |
2018-10-09 | CVE-2018-12479 | Improper Input Validation vulnerability in Opensuse Open Build Service. An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. | 7.5 |
2018-10-02 | CVE-2018-12473 | Path Traversal vulnerability in Opensuse Open Build Service. A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to access files not in the current build. | 7.5 |
2018-06-11 | CVE-2011-4181 | Improper Input Validation vulnerability in Opensuse Open Build Service. A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. | 7.5 |
2018-06-08 | CVE-2014-0594 | Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service. In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | 8.8 |
2018-03-20 | CVE-2011-3178 | Code Injection vulnerability in Opensuse Open Build Service. In the web UI of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. | 8.8 |
2018-03-01 | CVE-2017-5188 | Link Following vulnerability in Opensuse Open Build Service. The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | 7.5 |