| Bug ID | 1101266 |
|---|---|
| Summary | paste.opensuse.org no login required -- security risk |
| Classification | openSUSE |
| Product | openSUSE.org |
| Version | unspecified |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Major |
| Priority | P5 - None |
| Component | Infrastructure |
| Assignee | mrueckert@suse.com |
| Reporter | rh@eng-int.co.uk |
| QA Contact | lars.vogdt@suse.com |
| Found By | --- |
| Blocker | --- |
It is possible to browse, download and create pastes at paste.opensuse.org without an openSUSE login. I have tested this using Firefox, Chromium and W3M browsers from different locations/networks. This could allow the paste service to be used by anonymous actors to distribute malware. It also risks opensuse.org being classified as an file-sharing site and being blocked by security conscious organisations.