Vulnerabilities > CVE-2018-12475 - Unspecified vulnerability in Opensuse Open Build Service

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

opensuse

NVD

Published: 2020-09-01

Updated: 2024-11-21

Summary

A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Open Build Service -	1

References

https://bugzilla.suse.com/show_bug.cgi?id=1107821
https://bugzilla.suse.com/show_bug.cgi?id=1107821