CVE-2018-7688

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt