CVE-2018-12473: path traversal in obs-service-tar_scm
First published: Wed Sep 26 2018(Updated: )
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE Open Build Service | <=0.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-12473?
CVE-2018-12473 is a path traversal vulnerability in obs-service-tar_scm of Open Build Service.
How does CVE-2018-12473 work?
CVE-2018-12473 allows remote attackers to access files not in the current build by exploiting a path traversal vulnerability.
What is the severity of CVE-2018-12473?
CVE-2018-12473 has a severity rating of 7.5 (high).
Which software versions are affected by CVE-2018-12473?
Versions prior to 0.9.1 of openSUSE Open Build Service are affected by CVE-2018-12473.
How can I fix CVE-2018-12473?
To fix CVE-2018-12473, you should update Open Build Service to version 0.9.1 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/opensuse
- canonical/opensuse open build service
- version/opensuse open build service/0.9.1