admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'obs' of https://github.com/jsegitz/cvelist

Browse Source
This commit is contained in:
CVE Team 2018-10-09 08:02:44 -04:00
commit 611cbe4073
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 352 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
2018/12xxx/CVE-2018-12474.json
View File

@ -1,18 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12474",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID": "CVE-2018-12474",
"STATE": "PUBLIC",
"TITLE": "Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "51a17c553b6ae2598820b7a90fd0c11502a49106"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "Inproper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations.\nAffected releases are openSUSE Open Build Service:\n versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1107507",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107507"
},
{
"name": "https://github.com/openSUSE/obs-service-tar_scm/pull/254",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/254"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107507",
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1107507"
],
"discovery": "INTERNAL"
}
}

99
2018/12xxx/CVE-2018-12477.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12477",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID": "CVE-2018-12477",
"STATE": "PUBLIC",
"TITLE": "obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "d6244245dda5367767efc989446fe4b5e4609cce"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. \nAffected releases are openSUSE Open Build Service:\n versions prior to d6244245dda5367767efc989446fe4b5e4609cce."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1108189",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1108189"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1108189"
],
"discovery": "INTERNAL"
}
}
}

97
2018/12xxx/CVE-2018-12478.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12478",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID": "CVE-2018-12478",
"STATE": "PUBLIC",
"TITLE": "obs-service-replace_using_package_version allows to specify arbitrary input files "
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs.\nAffected releases are openSUSE Open Build Service:\nstatus of is unknown."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1108280",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1108280"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1108280"
],
"discovery": "INTERNAL"
}
}

99
2018/12xxx/CVE-2018-12479.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12479",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID": "CVE-2018-12479",
"STATE": "PUBLIC",
"TITLE": "Request controller allows to create requests with arbitrary request IDs"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "01b015ca2a320afc4fae823465d1e72da8bd60df"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs.\nAffected releases are openSUSE Open Build Service:\n versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1108435",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1108435"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1108435"
],
"discovery": "INTERNAL"
}
}
}