CVE-2018-12473 LOW

CVE-2018-12473: path traversal in obs-service-tar_scm

Vendor Opensuse
Product Open Build Service
Weakness CWE-23
Published October 2, 2018
Last update September 16, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.

Key dates

02Disclosure timeline

October 2, 2018 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE