CVE-2018-12475

CWE-610 | 4 documents | 4 sources
Severity: 5.4 MEDIUM
EPSS: 0.4% (top 38.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 1
Latest update: May 24

Description

An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there. This issue affects: openSUSE Open Build Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5

Affected Packages (1 package)

CVEListV5 | opensuse/open_build_service | obs-service-download_files | 0.6.2

🔴 Vulnerability Details (3)

GHSA | GHSA-g9wc-c5v2-f8gx: An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows au | 2022-05-24
CVEList | obs-service-download_files allows downloading from localhost or intranet hosts | 2020-09-01
OSV | CVE-2018-12475: An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows au | 2020-09-01
CVE-2018-12475 (MEDIUM CVSS 5.4) | A Externally Controlled Reference t | cvebase.io