Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

open build service — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in open build service, with AI-generated Chinese analysis, references, and POCs.

This page catalogs vulnerabilities associated with Open Build Service, a decentralized build platform developed by openSUSE, categorized under software weakness types such as input validation errors and improper access controls. The content aggregates security advisories, common vulnerabilities, and exposures affecting various releases and configurations of the Open Build Service ecosystem. This collection spans from the earliest public disclosures up to recent reports, ensuring a comprehensive historical view of known issues impacting the platform’s integrity and reliability. Users can leverage this resource to track vendor advisories issued by SUSE or community contributors, helping them stay informed about critical patches and mitigation strategies. Additionally, the page allows visitors to understand specific weakness classes by examining how they manifest within the build system’s architecture, including repository handling and package signing processes. Researchers and developers can also look up a product’s vulnerability history to identify recurring patterns or persistent security gaps over time. This structured approach facilitates risk assessment for organizations deploying Open Build Service in their continuous integration pipelines. By consolidating disparate security data into a single view, the page supports proactive defense mechanisms and informed decision-making regarding system updates and configuration changes. The focus remains strictly on factual security information, excluding speculative or unverified claims to maintain accuracy and utility for technical audiences seeking precise details about known flaws in this widely used build infrastructure tool.

Vendor: SUSE

CVE IDTitleCVSSSeverityPublished
CVE-2022-21949 Multiple XXE vulnerabilities in OBS CWE-611 8.8 High2022-05-03
CVE-2020-8031 obs: Stored XSS CWE-79 6.3 Medium2021-02-11
CVE-2018-12475 obs-service-download_files allows downloading from localhost or intranet hosts CWE-610 6.5 Medium2020-09-01
CVE-2020-8021 unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service CWE-269 5.3 Medium2020-05-19
CVE-2019-3685 Missing TLS certificate validation for HTTPS connections in osc CWE-295 7.4 High2019-11-05
CVE-2018-12474 Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm CWE-20 8.8 -2018-10-09
CVE-2018-12477 obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories CWE-93 6.5 -2018-10-09
CVE-2018-12478 obs-service-replace_using_package_version allows to specify arbitrary input files CWE-20 6.5 -2018-10-09
CVE-2018-12479 Request controller allows to create requests with arbitrary request IDs CWE-20 7.5 -2018-10-09
CVE-2018-12473 path traversal in obs-service-tar_scm CWE-23 7.5 -2018-10-02
CVE-2011-4183 open build service allows anyone to upload rpms CWE-862 9.8 -2018-06-13
CVE-2011-4181 open build service information leak via unauthorized source access CWE-284 7.5 -2018-06-11
CVE-2014-0594 CSRF protection incorrectly disabled CWE-352 8.8 -2018-06-08
CVE-2013-3703 No write permission check in change_role command CWE-862 6.5 -2018-06-08
CVE-2018-7688 Open Build Service accepts arbitrary reviews CWE-862 6.5 -2018-06-07
CVE-2018-7689 Open Build Service arbitrary package modification CWE-862 6.5 -2018-06-07
CVE-2015-0796 open build service source server symlink exploitation via source patch 7.7 -2018-03-02
CVE-2017-5188 OBS worker VM escape via relative symbolic links 6.5 -2018-03-01
CVE-2017-9268 open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions 6.5 -2018-03-01

All 19 known CVE vulnerabilities affecting open build service with full Chinese analysis, references, and POCs where available.