Vulnerability CVE-2018-12474

Vulnerability Name:

CVE-2018-12474 (CCN-151292)

Assigned:

2018-09-26

Published:

2018-09-26

Updated:

2019-10-09

Summary:

Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2018-12474

Source: CCN
Type: Bugzilla Bug 1107507
(CVE-2018-12474) VUL-0: CVE-2018-12474: obs-service-tar_scm: crafted service parameters allow unexpected behaviour

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1107507

Source: XF
Type: UNKNOWN
opensuse-cve201812474-sec-bypass(151292)

Source: CCN
Type: obs-service-tar_scm GIT Repository
Bug 1107507 #251

Source: CONFIRM
Type: Third Party Advisory
https://github.com/openSUSE/obs-service-tar_scm/pull/254

Vulnerable Configuration:

Configuration 1:

cpe:/o:opensuse:tar_scm:*:*:*:*:*:*:*:* (Version < 0.9.3)

Configuration CCN 1:

cpe:/a:opensuse:open_build_service:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201812474	V	CVE-2018-12474	2022-09-01
oval:org.opensuse.security:def:3353	P	rpcbind-0.2.3-24.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3365	P	shim-14-25.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:113047	P	obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10442	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:10699	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106487	P	obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:11423	P	mozilla-nspr-32bit-4.10.7-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11401	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10674	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:51736	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:10599	P	Security update for MozillaThunderbird (Important)	2021-01-29
oval:org.opensuse.security:def:49142	P	Security update for slurm (Important)	2021-01-18
oval:org.opensuse.security:def:16937	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4101	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2675	P	Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important)	2020-12-02
oval:org.opensuse.security:def:2666	P	Security update for MozillaFirefox (Important)	2020-12-02
oval:org.opensuse.security:def:2715	P	Security update for ImageMagick (Moderate)	2020-12-02
oval:org.opensuse.security:def:2713	P	Security update for python (Important)	2020-12-02
oval:org.opensuse.security:def:2660	P	Security update for tiff (Moderate)	2020-12-02
oval:org.opensuse.security:def:2646	P	Security update for webkit2gtk3 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2634	P	Security update for exiv2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2624	P	Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate)	2020-12-02
oval:org.opensuse.security:def:2705	P	Security update for webkit2gtk3 (Important)	2020-12-02
oval:org.opensuse.security:def:2628	P	Security update for cni-plugins (Moderate)	2020-12-02
oval:org.opensuse.security:def:2699	P	Security update for SDL2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:10565	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49160	P	libbsd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50356	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:50131	P	nodejs12 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10518	P	libmms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51798	P	Security update for obs-service-tar_scm (Important)	2020-12-01
oval:org.opensuse.security:def:49893	P	pam-modules on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10472	P	libXp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10750	P	libjbig-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49736	P	dpkg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10450	P	gstreamer-0_10-plugins-bad-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50460	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50291	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:49638	P	gvfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50387	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49492	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10741	P	libguestfs-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10580	P	openslp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49287	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49141	P	libXdmcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50221	P	colord-gtk-lang on GA media (Moderate)	2020-12-01

BACK