Lucene search

SuseCVE-2020-8021

HistoryMay 19, 2020 - 3:15 p.m.

CVE-2020-8021

2020-05-1915:15:12

CWE-269

suse

web.nvd.nist.gov

cve-2020-8021

open build service

access control

remote attack

file read

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

Affected configurations

Nvd

Node

opensuseopen_build_serviceRange<2.10.5

Node

debiandebian_linuxMatch9.0

VendorProductVersionCPE
opensuseopen_build_service*cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	open_build_service	*	cpe:2.3:a:opensuse:open_build_service::::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*

CNA Affected

[
  {
    "product": "Open Build Service",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.10.5",
        "status": "affected",
        "version": "Open Build Service",
        "versionType": "custom"
      }
    ]
  }
]