CVE-2017-14804
Published: 1 March 2018
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
obs-build Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Needed
|
|
| cosmic |
Not vulnerable
(20180302-3)
|
|
| disco |
Not vulnerable
(20180302-3)
|
|
| eoan |
Not vulnerable
(20180302-3)
|
|
| focal |
Not vulnerable
(20180302-3)
|
|
| groovy |
Not vulnerable
(20180302-3)
|
|
| hirsute |
Not vulnerable
(20180302-3)
|
|
| impish |
Not vulnerable
(20180302-3)
|
|
| jammy |
Not vulnerable
(20180302-3)
|
|
| kinetic |
Not vulnerable
(20180302-3)
|
|
| lunar |
Not vulnerable
(20180302-3)
|
|
| mantic |
Not vulnerable
(20180302-3)
|
|
| noble |
Not vulnerable
(20180302-3)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(20180302-1)
|
|
| xenial |
Needed
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |