CVE-2018-12473 — LOW (3.1) — White Hats Nepal

Q: How severe is CVE-2018-12473?

CVE-2018-12473 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-12473?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Open Build Service.

Vulnerability Description

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.

CVSS Score

3.1

LOW

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensuse	Open Build Service	<= 0.9.1

Related Weaknesses (CWE)

CWE-22 CWE-23

References

FAQ

What is CVE-2018-12473?

CVE-2018-12473 is a vulnerability with a CVSS score of 3.1 (LOW). A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by ...

How severe is CVE-2018-12473?

CVE-2018-12473 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12473?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Open Build Service.