cvelist/2017/9xxx/CVE-2017-9268.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@suse.com",
      "DATE_PUBLIC" : "2017-06-22T00:00:00.000Z",
      "ID" : "CVE-2017-9268",
      "STATE" : "PUBLIC",
      "TITLE" : "open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "open build service",
                        "version" : {
                           "version_data" : [
                              {
                                 "affected" : "<",
                                 "version_value" : "20170722 git"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "SUSE"
            }
         ]
      }
   },
   "credit" : [
      {
         "lang" : "eng",
         "value" : "Adrian Schröter of SUSE"
      }
   ],
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption)."
         }
      ]
   },
   "impact" : {
      "cvss" : {
         "attackComplexity" : "LOW",
         "attackVector" : "LOCAL",
         "availabilityImpact" : "LOW",
         "baseScore" : 4.4,
         "baseSeverity" : "MEDIUM",
         "confidentialityImpact" : "NONE",
         "integrityImpact" : "LOW",
         "privilegesRequired" : "LOW",
         "scope" : "UNCHANGED",
         "userInteraction" : "NONE",
         "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
         "version" : "3.0"
      }
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "incorrect permission checking lead to authenticated users to cause rebuilds or allowing wiping binaries in other projects."
               }
            ]
         },
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "CWE-285"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1045519",
            "refsource" : "CONFIRM",
            "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1045519"
         },
         {
            "name" : "https://github.com/openSUSE/open-build-service/pull/3267",
            "refsource" : "CONFIRM",
            "url" : "https://github.com/openSUSE/open-build-service/pull/3267"
         }
      ]
   },
   "source" : {
      "advisory" : "CVE-2017-9268",
      "defect" : [
         "https://bugzilla.suse.com/show_bug.cgi?id=1045519"
      ],
      "discovery" : "INTERNAL"
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
- Synchronized data. 2018-03-01 14:05:01 -05:00			`"ASSIGNER" : "security@suse.com",`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`"DATE_PUBLIC" : "2017-06-22T00:00:00.000Z",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-9268",`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`"STATE" : "PUBLIC",`
			`"TITLE" : "open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "open build service",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"affected" : "<",`
			`"version_value" : "20170722 git"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "SUSE"`
			`}`
			`]`
			`}`
			`},`
			`"credit" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Adrian Schröter of SUSE"`
			`}`
			`],`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`"value" : "In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption)."`
			`}`
			`]`
			`},`
			`"impact" : {`
			`"cvss" : {`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "LOCAL",`
			`"availabilityImpact" : "LOW",`
			`"baseScore" : 4.4,`
			`"baseSeverity" : "MEDIUM",`
			`"confidentialityImpact" : "NONE",`
			`"integrityImpact" : "LOW",`
			`"privilegesRequired" : "LOW",`
			`"scope" : "UNCHANGED",`
			`"userInteraction" : "NONE",`
			`"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",`
			`"version" : "3.0"`
			`}`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "incorrect permission checking lead to authenticated users to cause rebuilds or allowing wiping binaries in other projects."`
			`}`
			`]`
			`},`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "CWE-285"`
			`}`
			`]`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1045519",`
			`"refsource" : "CONFIRM",`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1045519"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://github.com/openSUSE/open-build-service/pull/3267",`
			`"refsource" : "CONFIRM",`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`"url" : "https://github.com/openSUSE/open-build-service/pull/3267"`
			`}`
			`]`
			`},`
			`"source" : {`
			`"advisory" : "CVE-2017-9268",`
			`"defect" : [`
			`"https://bugzilla.suse.com/show_bug.cgi?id=1045519"`
			`],`
			`"discovery" : "INTERNAL"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`}`