Candidate: CVE-2018-7689
PublicDate: 2018-06-07 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7689
 https://bugzilla.suse.com/show_bug.cgi?id=1094819
 https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
Description:
 Lack of permission checks in the InitializeDevelPackage function in
 openSUSE Open Build Service before 2.9.3 allowed authenticated users to
 modify packages where they do not have write permissions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903797
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_open-build-service:
upstream_open-build-service: released (2.9.4-1)
precise/esm_open-build-service: DNE
trusty_open-build-service: ignored (out of standard support)
trusty/esm_open-build-service: DNE
xenial_open-build-service: DNE
bionic_open-build-service: needed
focal_open-build-service: DNE
groovy_open-build-service: DNE
hirsute_open-build-service: DNE
impish_open-build-service: DNE
jammy_open-build-service: DNE
devel_open-build-service: DNE