CVE-2018-7689

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-7689
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7689.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-7689
Downstream
Published
2018-06-07T13:29:00.337Z
Modified
2026-03-12T22:56:27.213187Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

References

Affected packages

Git / github.com/opensuse/open-build-service

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/open-build-service
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
10f6b8fda18d5cf7b1a37061225738a9e07ea268
Fixed
990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.3"
        }
    ]
}

Affected versions

1.*
1.9.90
1.9.91
1.9.92
2.*
2.3.60
2.3.90
2.3.91
2.4.50
2.4.51
2.5.50
2.9.0
2.9.1
2.9.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7689.json"