A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.

Related CVEs

CVE-2018-7688

Key Information

GHSA ID

GHSA-9fp2-98jv-g7j6

Published

May 13, 2022 1:31 AM

Last Modified

May 13, 2022 1:31 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 13, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.