Opensuse: >> Open Build Service >> 0.5.12 Security Vulnerabilities
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.
CVSS Score
7.8
EPSS Score
0.005
Published
2018-06-08
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-03-20