CVE-2018-12477

Published: Oct 9, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.

Affected (2)

Products: Opensuse: Leap

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Related CWEs

Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References (3)

https://bugzilla.suse.com/show_bug.cgi?id=1108189

Source: security@opentext.com

https://lwn.net/Articles/766535/

Source: nvd@nist.gov

Mailing ListThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1108189

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.