CVE-2018-7689

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7689
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7689.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-7689
Downstream
Published
2018-06-07T13:29:00.337Z
Modified
2025-11-14T08:59:35.831073Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

References

Affected packages

Git / github.com/opensuse/open-build-service

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/open-build-service
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
990ef7cccef6f38fc1d1a1bb22a08e174dcba43b

Affected versions

1.*

1.9.90
1.9.91
1.9.92

2.*

2.3.60
2.3.90
2.3.91
2.4.50
2.4.51
2.5.50

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7689.json"