CVE-2017-5188
Published: 1 March 2018
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
Priority
Status
Package | Release | Status |
---|---|---|
open-build-service Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Not vulnerable
(2.9.4-4)
|
|
mantic |
Not vulnerable
(2.9.4-4)
|
|
noble |
Not vulnerable
(2.9.4-4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.7.4-3)
|
|
xenial |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |