obs-service-extract_file's outfilename parameter allows to write files outside of package directory
CVE-2018-12476

4.3MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server 15; Factory
Vendor: CVE Published:; 27 January 2020

Summary

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.

Affected Version(s)

Factory obs-service-tar_scm < 0.9.2.1537788075.fefaa74

SUSE Linux Enterprise Server 15 obs-service-tar_scm < 0.9.2.1537788075.fefaa74:

References

https://bugzilla.suse.com/show_bug.cgi?id=1107944

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2020
Vulnerability Reserved
Jun 15, 2018

Credit

Matthias Gerstner of SUSE