Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NOpensuse Open Build Service
APPOpensuse< 0.165.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-21949HIGH8.8ten sam produkt
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote...
CVE-2021-36777HIGH8.1ten sam produkt
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build s...
CVE-2011-4181HIGH7.5ten sam produkt
A vulnerability in open build service allows remote attackers to gain access to source files even though sourc...
CVE-2014-0594HIGH8.8ten sam produkt
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web in...
CVE-2014-0593HIGH7.8ten sam produkt
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Servic...