CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12476

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.7%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 6.4

References

https://bugzilla.suse.com/show_bug.cgi?id=1107944
https://bugzilla.suse.com/show_bug.cgi?id=1107944

Products affected by CVE-2018-12476

Suse » Obs-Service-Tar Scm » Version: N/A

cpe:2.3:a:suse:obs-service-tar_scm:-
Suse » Opensuse Factory » Version: N/A

cpe:2.3:o:suse:opensuse_factory:-
Suse » Suse Linux Enterprise Server » Version: 15

cpe:2.3:o:suse:suse_linux_enterprise_server:15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12476

Products

Pricing

Contact Us