Relative Symlink Vulnerability in bs_worker Code Allows Leakage of Private Information

Relative Symlink Vulnerability in bs_worker Code Allows Leakage of Private Information

CVE-2017-5188 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

Learn more about our Web Application Penetration Testing UK.