CVE-2018-12474 MEDIUM

CVE-2018-12474: Crafted service parameters allow inducing unexpected behaviour in obs-service-tar_scm

Vendor openSUSE
Product Open Build Service
Weakness CWE-20 · Input validation
Published October 9, 2018
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to access and extract information outside the current build, or to cause the creation of files in attacker-controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.

Key dates

02 Disclosure timeline

October 9, 2018 CVE published
September 16, 2024 Record updated