Permission Issues
CVE-2013-3703
Summary
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-275 - Permission Issues
Weaknesses in this category are related to improper assignment or handling of permissions.
References
Advisory Timeline
- Published