CVE-2017-14804
Published: 1 March 2018
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
Priority
Status
Package | Release | Status |
---|---|---|
obs-build Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Needed
|
|
cosmic |
Not vulnerable
(20180302-3)
|
|
disco |
Not vulnerable
(20180302-3)
|
|
eoan |
Not vulnerable
(20180302-3)
|
|
focal |
Not vulnerable
(20180302-3)
|
|
groovy |
Not vulnerable
(20180302-3)
|
|
hirsute |
Not vulnerable
(20180302-3)
|
|
impish |
Not vulnerable
(20180302-3)
|
|
jammy |
Not vulnerable
(20180302-3)
|
|
kinetic |
Not vulnerable
(20180302-3)
|
|
lunar |
Not vulnerable
(20180302-3)
|
|
mantic |
Not vulnerable
(20180302-3)
|
|
noble |
Not vulnerable
(20180302-3)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(20180302-1)
|
|
xenial |
Needed
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |