6.5
CVE-2018-12466
- EPSS 0.18%
- Veröffentlicht 01.08.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:16
- Quelle security@opentext.com
- CVE-Watchlists
- Unerledigt
Loginopenbuildservice allowed deleting packages via project links
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensuse ≫ Open Build Service Version < 9.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.394 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:P
|
| security@opentext.com | 4.4 | 0.8 | 3.6 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.