{"id":"CVE-2020-8021","details":"a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.","modified":"2026-03-14T01:39:40.658751Z","published":"2020-05-19T15:15:12.090Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00006.html"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1171649"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensuse/open-build-service","events":[{"introduced":"0"},{"fixed":"913a28d0c5cd32f4797f2c569dbfd3f856e9c361"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.10.5"}]}}],"versions":["1.9.90","1.9.91","1.9.92","2.10","2.10.0","2.10.1","2.10.2","2.10.3","2.10.4","2.3.60","2.3.90","2.3.91","2.4.50","2.4.51","2.5.50"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8021.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}