CVE-2018-12476 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-12476 Interim 1 28 2025-11-05T03:28:16Z current 2021-05-30T14:14:29Z 2025-11-05T03:28:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-12476 Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2019-April/011150.html E-Mail link for SUSE-RU-2019:0880-1 https://lists.suse.com/pipermail/sle-security-updates/2019-March/005169.html E-Mail link for SUSE-SU-2019:0540-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6/#24JIOIQBREAYJ3BG7I4ULI6HBEJZRTP6 E-Mail link for openSUSE-SU-2019:0326-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E/#SKGGMO3NGZX2ZLQDMAHVVJX4HZMC2X3E E-Mail link for openSUSE-SU-2019:0329-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Tumbleweed obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar-0.10.28.1632141620.a8837d3-1.1 obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 as a component of SUSE Package Hub 15 obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 as a component of openSUSE Leap 15.0 obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-tar-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 as a component of openSUSE Tumbleweed Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. CVE-2018-12476 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-appimage-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-snapcraft-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:obs-service-tar_scm-0.10.5.1551309990.79898c7-3.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-obs_scm-common-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-snapcraft-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar-0.10.6.1551887937.e42c270-1.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:obs-service-tar_scm-0.10.6.1551887937.e42c270-1.3.1 SUSE Package Hub 15:obs-service-appimage-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-obs_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-snapcraft-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-tar-0.10.5.1551309990.79898c7-bp150.3.3.1 SUSE Package Hub 15:obs-service-tar_scm-0.10.5.1551309990.79898c7-bp150.3.3.1 openSUSE Leap 15.0:obs-service-appimage-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-obs_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-obs_scm-common-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-snapcraft-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-tar-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Leap 15.0:obs-service-tar_scm-0.10.5.1551309990.79898c7-lp150.2.3.1 openSUSE Tumbleweed:obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-obs_scm-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-obs_scm-common-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-snapcraft-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-tar-0.10.28.1632141620.a8837d3-1.1 openSUSE Tumbleweed:obs-service-tar_scm-0.10.28.1632141620.a8837d3-1.1 important 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N