PT-2022-15198 · Suse+1 · Opensuse Open Build Service+1

Victor Pereira · Published 2022-05-03 · Updated 2022-05-25 · CVE-2022-21949

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SUSE Open Build Service versions prior to 2.10.13

Description: A vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations, potentially gaining information from the server that can be abused to escalate to Admin privileges on OBS.

Recommendations: For versions prior to 2.10.13, update to version 2.10.13 or later to resolve the issue. As a temporary workaround, consider restricting access to certain operations that may be vulnerable to XML External Entity Reference attacks until a patch is applied.

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2022-21949
OESA-2022-1674

Affected Products

Debian
Opensuse Open Build Service