CVE-2014-0593 — Vulnetix

CVE-2014-0593 PUBLISHED CVSS 7.800000190734863 HIGH

The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.

EPSS 0.47% · 65.0th percentile

Risk Scores

CVSS 3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.47%

65.0th percentile

Affected Products

Vendor	Product	Versions
opensuse	open_build_service	0.5.3
openSUSE	obs-service-set_version	unspecified

Exploit Intelligence

[opensuse-buildservice] 20140303 EXE package format (circl)
https://bugzilla.suse.com/show_bug.cgi?id=866966 (circl)
https://www.suse.com/de-de/security/cve/CVE-2014-0593/ (circl)
https://github.com/openSUSE/obs-service-set_version/commit/10d5bddcea29f74a175f7f550924bf6407e52e93 (circl)

Timeline

Jun 8, 2018 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://lists.opensuse.org/opensuse-buildservice/2014-03/msg00014.html url
https://bugzilla.suse.com/show_bug.cgi?id=866966 url
https://www.suse.com/de-de/security/cve/CVE-2014-0593/ url
https://github.com/openSUSE/obs-service-set_version/commit/10d5bddcea29f74a175f7f550924bf6407e52e93 url
https://nvd.nist.gov/vuln/detail/CVE-2014-0593 advisory
https://www.suse.com/de-de/security/cve/CVE-2014-0593 url

Open in Interactive Console →