CVE-2018-12474— Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-12474
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open Build Service 输入验证漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open Build Service(OBS)是一套通用的、以自动、一致和可重复的方式从源代码构建和分发软件包的系统。 Open Build Service 51a17c553b6ae2598820b7a90fd0c11502a49106之前版本中的obs-service-tar_scm存在输入验证漏洞。远程攻击者可利用该漏洞访问并提取信息,或在攻击者控制的位置创建文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| openSUSE | Open Build Service | unspecified ~ 51a17c553b6ae2598820b7a90fd0c11502a49106 | - |
II. Public POCs for CVE-2018-12474
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-12474
Please Login to view more intelligence information
- https://bugzilla.suse.com/show_bug.cgi?id=1107507x_refsource_CONFIRM
- https://github.com/openSUSE/obs-service-tar_scm/pull/254x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-12474
Same Patch Batch · openSUSE · 2018-10-09 · 4 CVEs total
| CVE-2018-12477 | obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directori | |
| CVE-2018-12478 | obs-service-replace_using_package_version allows to specify arbitrary input files | |
| CVE-2018-12479 | Request controller allows to create requests with arbitrary request IDs |
IV. Related Vulnerabilities
V. Comments for CVE-2018-12474
No comments yet