PT-2018-4036 · Suse · Opensuse Open Build Service

Ludwig Nussel

Published

2018-06-11

Updated

2019-10-09

CVE-2011-4181

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SUSE open build service versions prior to 2.3 SUSE open build service version 2.1.15 and earlier

Description A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled.

Recommendations For SUSE open build service versions prior to 2.3, update to version 2.3 or later. For SUSE open build service version 2.1.15 and earlier, update to a version later than 2.1.15 or apply the necessary patches to restrict access to source files.

Fix

Improper Access Control

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-20

Related Identifiers

CVE-2011-4181

Affected Products

Opensuse Open Build Service

PT-2018-4036 · Suse · Opensuse Open Build Service

CVE-2011-4181

Weakness Enumeration

Related Identifiers

Affected Products

References · 6