CVE-2018-12474 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-12474 Interim 1 29 2025-11-05T03:28:17Z current 2021-05-30T14:14:28Z 2025-11-05T03:28:17Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-12474 Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2019-April/011150.html E-Mail link for SUSE-RU-2019:0880-1 https://lists.suse.com/pipermail/sle-security-updates/2019-March/005169.html E-Mail link for SUSE-SU-2019:0540-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6/#24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6 E-Mail link for openSUSE-SU-2019:0326-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E/#SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E E-Mail link for openSUSE-SU-2019:0329-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 7 SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Tumbleweed caasp-openstack-heat-templates-1.0+git.1540887180.64bfde8-1.3.2 obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar-0.10.28.1632141620.a8837d3-1.1 obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 caasp-openstack-heat-templates-1.0+git.1540887180.64bfde8-1.3.2 as a component of SUSE OpenStack Cloud 7 obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-tar-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106. CVE-2018-12474 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 SUSE OpenStack Cloud 7:caasp-openstack-heat-templates-1.0+git.1540887180.64bfde8-1.3.2 SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H