CVE-2018-12475

Summary

A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .

Affected Software

VendorProductVersion RangeStatus
openSUSEOpen Build Serviceobs-service-download_files <= 0.6.2affected

Weaknesses

  • CWE-610: CWE-610: Externally Controlled Reference to a Resource in Another Sphere

ADP Enrichment

CVE Program Container

Additional References

References