Path Traversal in Opensuse Open Build Service
CVE-2018-12473
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected…
EPSS: 0.018 (76.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.1 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Opensuse Open Build Service — versions unspecified
- Opensuse Open_build_service
Weakness classification (CWE)
References
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2018-12473?
- CVE-2018-12473 is a low-severity vulnerability in Opensuse Open Build Service, classified under Relative Path Traversal. CVSS score: 3.1/10. Published 2018-10-02.
- How severe is CVE-2018-12473?
- Low severity. CVSS v3 base score is 3.1 out of 10.