Improper input validation in Opensuse Open Build Service

CVE-2018-12474

Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected relea…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.014 (68.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2018-12474?
CVE-2018-12474 is a medium-severity vulnerability in Opensuse Open Build Service, classified under Improper Input Validation. CVSS score: 5.4/10. Published 2018-10-09.
How severe is CVE-2018-12474?
Medium severity. CVSS v3 base score is 5.4 out of 10.