Vulnerability Description
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to access and extract information outside the current build, or to create files in attacker-controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Tar Scm | < 0.9.3 |
References
- https://bugzilla.suse.com/show_bug.cgi?id=1107507
- https://github.com/openSUSE/obs-service-tar_scm/pull/254
FAQ
What is CVE-2018-12474?
CVE-2018-12474 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to access and extract information outside the current build or cause the creation of file in attack...
How severe is CVE-2018-12474?
CVE-2018-12474 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-12474?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Tar Scm.