openSUSE Open Build Service (OBS)

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:opensuse:open_build_service:-:*:*:*:*:*:*:*

part: a version: - update: *

VendorOpensuse (3380e48e-e718-5685-8ad0-092ef58910e5)
ProductOpen Build Service (ca476dc9-3e0a-57f5-8ff1-e910f9f7c9f5)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/opensuse/obs-service-set-version purl2cpe 2026-06-01 10:15:35.949103
pkg:github/opensuse/open-build-service purl2cpe 2026-06-01 10:15:35.949106

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2018-12478 vulnerable 2026-06-03 14:38:04.418313 obs-service-replace_using_package_version allows to specify arbitrary input files
MEDIUM (4.8)
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.
Published: 2018-10-09T13:00:00.000Z
Updated: 2024-09-16T18:44:00.980Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-12475 vulnerable 2026-06-03 14:38:04.412654 obs-service-download_files allows downloading from localhost or intranet hosts
MEDIUM (6.5)
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
Published: 2020-09-01T11:55:11.943Z
Updated: 2024-09-17T00:36:57.174Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.