CVE-2018-12475: obs-service-download_files allows downloading from localhost or intranet hosts
First published: Tue Sep 01 2020(Updated: )
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE Open Build Service |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-12475.
What is the description of this vulnerability?
This vulnerability allows authenticated users to generate HTTP requests against internal networks and potentially download exposed data.
What is the affected software?
The affected software is openSUSE Open Build Service.
What is the severity of this vulnerability?
The severity of this vulnerability is medium with a CVSS score of 5.4.
How can I fix this vulnerability?
To fix this vulnerability, patch openSUSE Open Build Service to the latest version available.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/opensuse
- canonical/opensuse open build service