CVE-2018-7688

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7688
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7688.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-7688
Downstream
Published
2018-06-07T13:29:00.287Z
Modified
2025-11-20T10:52:58.746710Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.

References

Affected packages

Git / github.com/opensuse/open-build-service

Affected ranges

Type
GIT
Repo
https://github.com/opensuse/open-build-service
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b15cf19e9e01115f653c76ffdc8f54cd97566553

Affected versions

1.*

1.9.90
1.9.91
1.9.92

2.*

2.3.60
2.3.90
2.3.91
2.4.50
2.4.51
2.5.50

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7688.json"