CVE-2018-12477
LOWOpen Build Service <d6244245dda5367767efc989446fe4b5e4609cce - Info...
Title source: llmDescription
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory
https://lwn.net/Articles/766535/
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1108189
Scores
CVSS v3
3.5
EPSS
0.0117
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-93
Status
published
Products (2)
opensuse/leap
15.0
opensuse/leap
42.3
Published
Oct 09, 2018
Tracked Since
Feb 18, 2026