CVE-2017-5188

Summary

The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

Affected Software

VendorProductVersion RangeStatus
openSUSEopen build serviceunspecified < 20170320affected

Weaknesses

  • Missing checking for symlinks could use as a path traversal to read files outside of a specific directory.

ADP Enrichment

CVE Program Container

Additional References

References