CVE-2017-5188 Information

Description

The bs_worker code in open build service before 20170320 followed relative symlinks allowing reading of files outside of the package source directory during build allowing leakage of private information.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://bugzilla.suse.com/show_bug.cgi?id=1029824 https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d https://www.suse.com/de-de/security/cve/CVE-2017-5188/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5