CVE-2015-0796 MEDIUM

CVE-2015-0796: open build service source server symlink exploitation via source patch

Vendor Suse
Product open build service
Weakness CWE-434 · Unrestricted file upload
Published March 2, 2018
Last update September 16, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8, the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break out of confinement or cause denial of service attacks on the source service.

Key dates

02 Disclosure timeline

March 2, 2018 CVE published
September 16, 2024 Record updated