CVE-2018-12479

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Open Build Service

Timeline

PublishedOct 9

Latest updateMay 13

Description

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5opensuse/open_build_serviceunspecified — 01b015ca2a320afc4fae823465d1e72da8bd60df

▶NVDopensuse/open_build_service2.9.4

▶Debianopen-build-service< 2.9.4-1

🔴Vulnerability Details

GHSA

GHSA-36p9-w333-jhg3: A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs↗2022-05-13

▶

CVEList

Request controller allows to create requests with arbitrary request IDs↗2018-10-09

▶

OSV

CVE-2018-12479: A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs↗2018-10-09

▶

📋Vendor Advisories

Debian

CVE-2018-12479: open-build-service - A Improper Input Validation vulnerability in Open Build Service allows remote at...↗2018

▶