Improper input validation in Opensuse Open Build Service
CVE-2018-12474
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected relea…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.014 (68.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Opensuse Open Build Service — versions unspecified
- Opensuse Tar_scm
Weakness classification (CWE)
References
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2018-12474?
- CVE-2018-12474 is a medium-severity vulnerability in Opensuse Open Build Service, classified under Improper Input Validation. CVSS score: 5.4/10. Published 2018-10-09.
- How severe is CVE-2018-12474?
- Medium severity. CVSS v3 base score is 5.4 out of 10.