CVE-2018-12476 obs-service-extract_file's outfilename parameter allows to write files outside of package directory

2020-01-2708:30:14

CWE-23

microfocus

www.cve.org

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

53.0%

JSON

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.

CNA Affected

[
  {
    "product": "SUSE Linux Enterprise Server 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "0.9.2.1537788075.fefaa74:",
        "status": "affected",
        "version": "obs-service-tar_scm",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Factory",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "0.9.2.1537788075.fefaa74",
        "status": "affected",
        "version": "obs-service-tar_scm",
        "versionType": "custom"
      }
    ]
  }
]