CVE-2014-0594 Information

Description

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface allowing for requests without the user’s consent.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://bugzilla.suse.com/show_bug.cgi?id=870606 https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8