Lucene search

[email protected]NVD:CVE-2017-5188

HistoryMar 01, 2018 - 8:29 p.m.

CVE-2017-5188

2018-03-0120:29:00

CWE-200

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

55.5%

JSON

The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

Affected configurations

Nvd

Node

opensuseopen_build_serviceRange≤2.7.3

VendorProductVersionCPE
opensuseopen_build_service*cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	open_build_service	*	cpe:2.3:a:opensuse:open_build_service::::::::

References

bugzilla.suse.com/show_bug.cgi?id=1029824

github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d

www.suse.com/de-de/security/cve/CVE-2017-5188/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

55.5%

JSON

Related for NVD:CVE-2017-5188

osv1 cvelist1 debiancve1 ubuntucve1 cve1 prion1