CVE-2018-12473 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-12473 Interim 1 21 2023-09-07T00:35:07Z current 2021-05-30T14:14:28Z 2023-09-07T00:35:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-12473 A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2019-March/005169.html E-Mail link for SUSE-SU-2019:0540-1 https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00020.html E-Mail link for openSUSE-SU-2019:0326-1 https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00024.html E-Mail link for openSUSE-SU-2019:0329-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Tumbleweed obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar-0.10.28.1632141620.a8837d3-1.1 obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-tar-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. CVE-2018-12473 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N