CVE-2017-9268 Vulnerability Details

  /     /     /  

CVE-2017-9268 Metadata Quick Info

CVE Published: 01/03/2018 | CVE Updated: 17/09/2024 | CVE Year: 2017
Source: microfocus | Vendor: SUSE | Product: open build service
Status : PUBLISHED

---

CVE-2017-9268 Description

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: incorrect permission checking lead to authenticated users to cause rebuilds or allowing wiping binaries in other projects.
Source: SUSE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).