PT-2018-8240 · Open Build Service · Open Build Service

Andreas Stieger

Published

2018-03-01

Updated

2019-10-09

CVE-2017-5188

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: open build service versions prior to 20170320

Description: The issue allows reading of files outside of the package source directory during build, potentially leading to leakage of private information. This is due to the bs worker code following relative symlinks.

Recommendations: For versions prior to 20170320, update to a version 20170320 or later to resolve the issue.

Fix

Information Disclosure

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-59

Related Identifiers

CVE-2017-5188

Affected Products

Open Build Service

PT-2018-8240 · Open Build Service · Open Build Service

CVE-2017-5188

Weakness Enumeration

Related Identifiers

Affected Products

References · 11