CVE-2018-12475 MEDIUM

CVE-2018-12475: obs-service-download_files allows downloading from localhost or intranet hosts

Vendor Opensuse
Product Open Build Service
Weakness CWE-610
Published September 1, 2020
Last update September 17, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there. This issue affects: openSUSE Open Build Service.

Key dates

02 Disclosure timeline

September 1, 2020 CVE published
September 17, 2024 Record updated