The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

Related CVEs

CVE-2017-5188

Key Information

GHSA ID

GHSA-m6v2-2pmh-qf44

Published

May 13, 2022 1:36 AM

Last Modified

May 13, 2022 1:36 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.