obs-service-extract_file's outfilename parameter allows to write files outside of package directory

CVE-2018-12476

4.3MEDIUM

Key Information

Vendor: Suse
Status: Suse Linux Enterprise Server 15; Factory
Vendor: CVE Published:; 27 January 2020

Summary

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.

Affected Version(s)

SUSE Linux Enterprise Server 15 < 0.9.2.1537788075.fefaa74:

Factory < 0.9.2.1537788075.fefaa74

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 4.3 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Jan 27, 2020
Vulnerability Reserved.
Jun 15, 2018

Collectors

NVD DatabaseMitre Database

Credit

Matthias Gerstner of SUSE