rpm package
opensuse/obs-service-tar_scm&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/obs-service-tar_scm&distro=openSUSE%20Leap%2015.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-12476 | — | < 0.10.5.1551309990.79898c7-lp150.2.3.1 | 0.10.5.1551309990.79898c7-lp150.2.3.1 | Jan 27, 2020 | Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUS | ||
| CVE-2018-12474 | — | < 0.10.5.1551309990.79898c7-lp150.2.3.1 | 0.10.5.1551309990.79898c7-lp150.2.3.1 | Oct 9, 2018 | Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: vers | ||
| CVE-2018-12473 | — | < 0.10.5.1551309990.79898c7-lp150.2.3.1 | 0.10.5.1551309990.79898c7-lp150.2.3.1 | Oct 2, 2018 | A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: |
- CVE-2018-12476Jan 27, 2020affected < 0.10.5.1551309990.79898c7-lp150.2.3.1fixed 0.10.5.1551309990.79898c7-lp150.2.3.1
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUS
- CVE-2018-12474Oct 9, 2018affected < 0.10.5.1551309990.79898c7-lp150.2.3.1fixed 0.10.5.1551309990.79898c7-lp150.2.3.1
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: vers
- CVE-2018-12473Oct 2, 2018affected < 0.10.5.1551309990.79898c7-lp150.2.3.1fixed 0.10.5.1551309990.79898c7-lp150.2.3.1
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: