CVE-2018-12473 is a vulnerability in openSUSE Open Build Service
Published on October 2, 2018
path traversal in obs-service-tar_scm
A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.
Weakness Type
Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Affected Versions
openSUSE Open Build Service: version unspecified and below 70d1aa4cc4d7b940180553a63805c22fc62e2cf0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.