{"id":"CVE-2020-8021","details":"a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.","modified":"2026-05-28T04:04:14.417656608Z","published":"2020-05-19T15:15:12.090Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_STRING","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00006.html"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1171649"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensuse/open-build-service","events":[{"introduced":"0"},{"fixed":"913a28d0c5cd32f4797f2c569dbfd3f856e9c361"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.10.5"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*"}}],"versions":["2.10.4","2.10.3","2.10.2","2.10.1","2.10.0","2.10","2.5.50","2.4.51","2.4.50","2.3.91","2.3.90","2.3.60","1.9.92","1.9.91","1.9.90"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8021.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}