CVE-2018-12476

obs-service-extract_file's outfilename parameter allows to write files outside of package directory

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.

Una vulnerabilidad de Salto de Ruta Relativa en obs-service-tar_scm de SUSE Linux Enterprise Server versión 15; openSUSE Factory, permite a atacantes remotos con control sobre un repositorio sobrescribir archivos en la máquina del usuario local si un servicio malicioso es ejecutado. Este problema afecta a: obs-service-tar_scm versiones anteriores a 0.9.2.1537788075.fefaa74 de SUSE Linux Enterprise Server versión 15. obs-service-tar_scm versiones anteriores a 0.9.2.1537788075.fefaa74 de openSUSE Factory.

*Credits: Matthias Gerstner of SUSE

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-06-15 CVE Reserved
2020-01-27 CVE Published
2023-11-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23: Relative Path Traversal

CAPEC

References (1)

URL	Tag	Source
https://bugzilla.suse.com/show_bug.cgi?id=1107944	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Suse Search vendor "Suse"	Obs-service-tar Scm Search vendor "Suse" for product "Obs-service-tar Scm"	< 0.9.2.1537788075.fefaa74 Search vendor "Suse" for product "Obs-service-tar Scm" and version " < 0.9.2.1537788075.fefaa74"	-	Affected	in	Suse Search vendor "Suse"	Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"	15 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "15"	-	Safe
Suse Search vendor "Suse"	Obs-service-tar Scm Search vendor "Suse" for product "Obs-service-tar Scm"	< 0.9.2.1537788075.fefaa74 Search vendor "Suse" for product "Obs-service-tar Scm" and version " < 0.9.2.1537788075.fefaa74"	-	Affected	in	Suse Search vendor "Suse"	Opensuse Factory Search vendor "Suse" for product "Opensuse Factory"	-	-	Safe