From e559a77f5fc9e17be719325185f074d46475ef8a Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 4 Oct 2018 15:32:14 +0200 Subject: [PATCH 1/3] obs CVEs --- 2018/12xxx/CVE-2018-12474.json | 103 +++++++++++++++++++++++++++++---- 2018/12xxx/CVE-2018-12477.json | 99 +++++++++++++++++++++++++++---- 2018/12xxx/CVE-2018-12478.json | 98 +++++++++++++++++++++++++++---- 2018/12xxx/CVE-2018-12479.json | 99 +++++++++++++++++++++++++++---- 4 files changed, 352 insertions(+), 47 deletions(-) diff --git a/2018/12xxx/CVE-2018-12474.json b/2018/12xxx/CVE-2018-12474.json index 30baf62925b..3c12273bbc4 100644 --- a/2018/12xxx/CVE-2018-12474.json +++ b/2018/12xxx/CVE-2018-12474.json @@ -1,18 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12474", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12474", + "STATE": "PUBLIC", + "TITLE": "Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "51a17c553b6ae2598820b7a90fd0c11502a49106" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Inproper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations.\nAffected releases are openSUSE Open Build Service:\n versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1107507", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1107507" + }, + { + "name": "https://github.com/openSUSE/obs-service-tar_scm/pull/254", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/obs-service-tar_scm/pull/254" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107507", + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1107507" + ], + "discovery": "INTERNAL" } } diff --git a/2018/12xxx/CVE-2018-12477.json b/2018/12xxx/CVE-2018-12477.json index 62d0f7b61ca..ebe9efa3ddf 100644 --- a/2018/12xxx/CVE-2018-12477.json +++ b/2018/12xxx/CVE-2018-12477.json @@ -1,18 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12477", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12477", + "STATE": "PUBLIC", + "TITLE": "obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "d6244245dda5367767efc989446fe4b5e4609cce" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. \nAffected releases are openSUSE Open Build Service:\n versions prior to d6244245dda5367767efc989446fe4b5e4609cce." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1108189", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1108189" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1108189" + ], + "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12478.json b/2018/12xxx/CVE-2018-12478.json index ef62e64e11b..1a4a181921c 100644 --- a/2018/12xxx/CVE-2018-12478.json +++ b/2018/12xxx/CVE-2018-12478.json @@ -1,18 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12478", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12478", + "STATE": "PUBLIC", + "TITLE": "obs-service-replace_using_package_version allows to specify arbitrary input files " }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs.\nAffected releases are openSUSE Open Build Service:\nstatus of is unknown." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1108280", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1108280" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1108280" + ], + "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12479.json b/2018/12xxx/CVE-2018-12479.json index e967a52c256..acd685532f0 100644 --- a/2018/12xxx/CVE-2018-12479.json +++ b/2018/12xxx/CVE-2018-12479.json @@ -1,18 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12479", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "security@suse.de", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12479", + "STATE": "PUBLIC", + "TITLE": "Request controller allows to create requests with arbitrary request IDs" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "01b015ca2a320afc4fae823465d1e72da8bd60df" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs.\nAffected releases are openSUSE Open Build Service:\n versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1108435", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1108435" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1108435" + ], + "discovery": "INTERNAL" } -} +} \ No newline at end of file From 8cf3e31f49d3d0046311cb9264b67be72de7ac08 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 4 Oct 2018 16:14:06 +0200 Subject: [PATCH 2/3] no fixed version known --- 2018/12xxx/CVE-2018-12478.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/2018/12xxx/CVE-2018-12478.json b/2018/12xxx/CVE-2018-12478.json index 1a4a181921c..e8dda8b80cf 100644 --- a/2018/12xxx/CVE-2018-12478.json +++ b/2018/12xxx/CVE-2018-12478.json @@ -17,7 +17,6 @@ "version": { "version_data": [ { - "affected": "?" } ] } @@ -89,4 +88,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} From c3049435fbe7d731d3928c41b83a5c73ffab8886 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Thu, 4 Oct 2018 16:21:38 +0200 Subject: [PATCH 3/3] specifying unknown version --- 2018/12xxx/CVE-2018-12478.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/2018/12xxx/CVE-2018-12478.json b/2018/12xxx/CVE-2018-12478.json index e8dda8b80cf..8b6581a6a13 100644 --- a/2018/12xxx/CVE-2018-12478.json +++ b/2018/12xxx/CVE-2018-12478.json @@ -17,6 +17,8 @@ "version": { "version_data": [ { + "affected": "<", + "version_value": "n/a" } ] }