Description
The bs_worker code in Open Build Service before 20170320 followed relative symlinks, which allowed files outside the package source directory to be read during a build and private information to be leaked.
References (3)
Core References
Patch x_refsource_confirm
https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1029824
Various Sources x_refsource_confirm
https://www.suse.com/de-de/security/cve/CVE-2017-5188/
Scores
CVSS v3
5.0
EPSS
0.0015
EPSS Percentile
35.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-59
Status
published
Products (1)
opensuse/open_build_service
< 2.7.3
Published
Mar 01, 2018
Tracked Since
Feb 18, 2026