Posted on

CVE-2010-3782 (linux_enterprise_server, obs-server)

obs-server before 1.7.7 allows logins by ‘unconfirmed’ accounts due to a bug in the REST api implementation.