CVE-2018-12477

CWE-933 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 45.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Open Build Service Opensuse Leap

Timeline

PublishedOct 9

Latest updateMay 13

Description

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5opensuse/open_build_serviceunspecified — d6244245dda5367767efc989446fe4b5e4609cce

▶NVDopensuse/leap15.0, 42.3+1

🔴Vulnerability Details

GHSA

GHSA-vp32-rg8f-2jxg: A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking o↗2022-05-13

▶

CVEList

obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories↗2018-10-09

▶