CVE-2024-22034

Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim

Credits

Daniel Mach of SUSE

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034