Vulnerability CVE-2018-12473

Vulnerability Name:

CVE-2018-12473 (CCN-151071)

Assigned:

2018-09-26

Published:

2018-09-26

Updated:

2019-10-09

Summary:

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2018-12473

Source: CCN
Type: Bugzilla Bug 1105361
(CVE-2018-12473) VUL-0: CVE-2018-12473: obs-service-tar_scm: path traversal

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1105361

Source: XF
Type: UNKNOWN
opensusue-cve201812473-dir-traversal(151071)

Source: CCN
Type: obs-service-tar_scm GIT Repository
check --extract file path for parent dir #248

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/openSUSE/obs-service-tar_scm/pull/248

Vulnerable Configuration:

Configuration 1:

cpe:/a:opensuse:open_build_service:*:*:*:*:*:*:*:* (Version <= 0.9.1)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201812473	V	CVE-2018-12473	2022-09-01
oval:org.opensuse.security:def:3353	P	rpcbind-0.2.3-24.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3365	P	shim-14-25.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:113047	P	obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10442	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:10699	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106487	P	obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:11423	P	mozilla-nspr-32bit-4.10.7-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11401	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10674	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:51736	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:10599	P	Security update for MozillaThunderbird (Important)	2021-01-29
oval:org.opensuse.security:def:49142	P	Security update for slurm (Important)	2021-01-18
oval:org.opensuse.security:def:16937	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4101	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2675	P	Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important)	2020-12-02
oval:org.opensuse.security:def:2666	P	Security update for MozillaFirefox (Important)	2020-12-02
oval:org.opensuse.security:def:2715	P	Security update for ImageMagick (Moderate)	2020-12-02
oval:org.opensuse.security:def:2713	P	Security update for python (Important)	2020-12-02
oval:org.opensuse.security:def:2660	P	Security update for tiff (Moderate)	2020-12-02
oval:org.opensuse.security:def:2646	P	Security update for webkit2gtk3 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2634	P	Security update for exiv2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2624	P	Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate)	2020-12-02
oval:org.opensuse.security:def:2705	P	Security update for webkit2gtk3 (Important)	2020-12-02
oval:org.opensuse.security:def:2628	P	Security update for cni-plugins (Moderate)	2020-12-02
oval:org.opensuse.security:def:2699	P	Security update for SDL2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:10565	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49160	P	libbsd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50356	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:50131	P	nodejs12 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10518	P	libmms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51798	P	Security update for obs-service-tar_scm (Important)	2020-12-01
oval:org.opensuse.security:def:49893	P	pam-modules on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10472	P	libXp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10750	P	libjbig-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49736	P	dpkg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10450	P	gstreamer-0_10-plugins-bad-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50460	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50291	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:49638	P	gvfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50387	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49492	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10741	P	libguestfs-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10580	P	openslp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49287	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49141	P	libXdmcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50221	P	colord-gtk-lang on GA media (Moderate)	2020-12-01

BACK