PT-2022-10548 · Opensuse · Opensuse Build Service Login-Proxy-Scripts
Bernhard Wiedemann
·
Published
2022-03-09
·
Updated
2023-07-07
·
CVE-2021-36777
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef
Description
A Reliance on Untrusted Inputs in a Security Decision issue in the login proxy of the openSUSE Build service allows attackers to present users with an expected login form that sends clear text credentials to an attacker-specified server.
Recommendations
For openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef, update to a version that includes the fix for this issue to prevent attackers from intercepting clear text credentials. As a temporary workaround, consider restricting access to the login proxy until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opensuse Build Service Login-Proxy-Scripts