PT-2018-8240 · Open Build Service · Open Build Service

Andreas Stieger

Publicado

2018-03-01

Atualizado

2019-10-09

CVE-2017-5188

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: open build service versions prior to 20170320

Description: The issue allows reading of files outside of the package source directory during build, potentially leading to leakage of private information. This is due to the bs worker code following relative symlinks.

Recommendations: For versions prior to 20170320, update to a version 20170320 or later to resolve the issue.

Correção

Information Disclosure

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-59

Identificadores relacionados

CVE-2017-5188

Produtos afetados

Open Build Service

PT-2018-8240 · Open Build Service · Open Build Service

CVE-2017-5188

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11