CVE-2018-7688

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-7688
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7688.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-7688
Downstream
Published
2018-06-07T13:29:00.287Z
Modified
2026-04-11T18:10:50.399139Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.

References

Affected packages

Git / github.com/opensuse/open-build-service

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/open-build-service
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
10f6b8fda18d5cf7b1a37061225738a9e07ea268
Fixed
b15cf19e9e01115f653c76ffdc8f54cd97566553
Database specific 
{
    "cpe": "cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.3"
        }
    ]
}

Affected versions

1.*
1.9.90
1.9.91
1.9.92
2.*
2.3.60
2.3.90
2.3.91
2.4.50
2.4.51
2.5.50
2.9.0
2.9.1
2.9.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7688.json"