CVE-2011-0466

Description

The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.

Affected products

• Novell / opensuse_build_service2.0 – 2.0
• Novell / opensuse_build_service2.0.0 – 2.0.0
• Novell / opensuse_build_service2.0.1 – 2.0.1
• Novell / opensuse_build_service2.0.2 – 2.0.2
• Novell / opensuse_build_service2.0.3 – 2.0.3
• Novell / opensuse_build_service2.0.4 – 2.0.4
• Novell / opensuse_build_service2.0.5 – 2.0.5
• Novell / opensuse_build_service2.0.6 – 2.0.6
• Novell / opensuse_build_service2.0.7 – 2.0.7
• Novell / opensuse_build_service2.0.16 – 2.0.16
• Novell / opensuse_build_service2.0.103 – 2.0.103
• Novell / opensuse_build_service2.0.104 – 2.0.104
• Novell / opensuse_build_service2.0.106 – 2.0.106
• Novell / opensuse_build_service2.1 – 2.1
• Novell / opensuse_build_service2.1.0 – 2.1.0
• Novell / opensuse_build_service2.1.1 – 2.1.1
• Novell / opensuse_build_service2.1.2 – 2.1.2
• Novell / opensuse_build_service2.1.3 – 2.1.3
• Novell / opensuse_build_service2.1.4 – 2.1.4
• Novell / opensuse_build_service2.1.5 – 2.1.5
• Novell / opensuse_build_service2.1.5.1 – 2.1.5.1

References

• MISChttp://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems/