CVE-2018-12476
MEDIUMSUSE Linux Enterprise Server 15, openSUSE Factory - Path Traversal
Title source: llmDescription
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.
References (1)
Core 1
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1107944
Scores
CVSS v3
4.3
EPSS
0.0047
EPSS Percentile
64.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-22
CWE-23
Status
published
Products (1)
suse/obs-service-tar_scm
< 0.9.2.1537788075.fefaa74
Published
Jan 27, 2020
Tracked Since
Feb 18, 2026