CVE-2018-12477
obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected products
openSUSE · Open Build ServiceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →