Overview
- Description
- The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
- Source
- security@opentext.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F150BD9-4B94-42D3-9E14-58665B7FF220"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B779A4B4-0721-4F4C-B3BD-C640BEAB2463"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"
}
],
"operator": "OR"
}
]
}
]