CVE-2018-12475
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openSUSE | Open Build Service | obs-service-download_files <= 0.6.2 | affected |
Weaknesses
- CWE-610: CWE-610: Externally Controlled Reference to a Resource in Another Sphere
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.