PT-2018-4032 · Opensuse · Open Build Service

Ludwig Nussel

·

Publicado

2018-03-20

·

Atualizado

2019-10-09

·

CVE-2011-3178

CVSS v3.1

8.1

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions OpenBuildService versions prior to 2.3.0
Description A code injection issue in the web UI of the OpenBuildService allows authorized attackers to execute shellcode by manipulating the project rebuild times statistics.
Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue.

Correção

Code Injection

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-78

Identificadores relacionados

CVE-2011-3178

Produtos afetados

Open Build Service