CVE-2018-12475 is a vulnerability in OpenSuse Open Build Service
Published on September 1, 2020
obs-service-download_files allows downloading from localhost or intranet hosts
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
Vulnerability Analysis
CVE-2018-12475 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Products Associated with CVE-2018-12475
Want to know whenever a new CVE is published for OpenSuse Open Build Service? stack.watch will email you.
Affected Versions
openSUSE Open Build Service:- Version obs-service-download_files, <= 0.6.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.