Unknown · Open Build Service · CVE-2020-8031
Name of the Vulnerable Software and Affected Versions:
Open Build Service versions prior to 2.10.8
Description:
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity.
Recommendations:
For Open Build Service versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of markdown in the Open Build Service to minimize the risk of exploitation.