OVAL Reference oval:org.opensuse.security:def:201816476

Oval Definition:

oval:org.opensuse.security:def:201816476

Revision Date:	2022-06-30	Version:	1
Title:	CVE-2018-16476
Description:	A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-16476 SUSE-SU-2018:3996-1 SUSE-SU-2019:0152-1 openSUSE-SU-2018:4041-1 Mitre CVE-2018-16476 SUSE CVE-2018-16476 SUSE-SU-2018:3996-1 SUSE-SU-2019:0152-1 openSUSE-SU-2018:4041-1
Platform(s):	openSUSE Leap 15.0 openSUSE Tumbleweed SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information ruby2.5-rubygem-activejob-5_1-5.1.4-lp150.2.3 is installed AND ruby2.5-rubygem-activejob-5_1 is signed with openSUSE key OR ruby2.5-rubygem-activejob-doc-5_1-5.1.4-lp150.2.3 is installed AND ruby2.5-rubygem-activejob-doc-5_1 is signed with openSUSE key
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information ruby2.5-rubygem-activejob-doc-5_1-5.1.4-3.3 is installed OR rubygem-activejob-5_1-5.1.4-3.3 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND ruby2.5-rubygem-activejob-doc-5_1-5.1.4-3.3 is installed OR rubygem-activejob-5_1-5.1.4-3.3 is installed OR Package Information SUSE Linux Enterprise High Availability 15 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3 is installed OR rubygem-activejob-5_1-5.1.4-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND ruby2.1-rubygem-activejob-4_2-4.2.9-3.6.1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND ruby2.1-rubygem-activejob-4_2-4.2.9-3.6.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3 is installed OR Package Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND ruby2.5-rubygem-activejob-doc-5_1-5.1.4-3.3 is installed OR rubygem-activejob-5_1-5.1.4-3.3 is installed OR Package Information SUSE Linux Enterprise High Availability 15 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3 is installed OR rubygem-activejob-5_1-5.1.4-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 is installed
Definition Synopsis
openSUSE Tumbleweed is installed AND Package Information ruby2.7-rubygem-activejob-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-rails-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-activejob-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-rails-5.2-5.2.6-1.2 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 is installed OR Package Information SUSE Linux Enterprise High Availability 15 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise High Availability 15 SP1 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed OR SUSE Linux Enterprise Server 15 SP1 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed OR SUSE Manager Proxy 4.0 is installed OR SUSE Manager Retail Branch Server 4.0 is installed OR SUSE Manager Server 4.0 is installed AND ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 is installed

BACK