Lucene search

MicrofocusCVELIST:CVE-2018-12478

HistoryOct 09, 2018 - 1:00 p.m.

CVE-2018-12478 obs-service-replace_using_package_version allows to specify arbitrary input files

2018-10-0913:00:00

CWE-20

microfocus

www.cve.org

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.7%

JSON

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.

CNA Affected

[
  {
    "product": "Open Build Service",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1108280

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

57.7%

JSON

Related for CVELIST:CVE-2018-12478