
CVE-2018-14056

Published: 15/07/2018 Updated: 08/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ZNC prior to 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

Vulnerable Product

znc znc

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #903787 znc: CVE-2018-14055: privilege escalation to admin permission (injection of rogue values in znc.conf) Package: src:znc; Maintainer for src:znc is Patrick Matthäi <pmatthaei@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 14 Jul 2018 20:03:01 UTC Severity ...
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service. For the stable distribution (stretch), these problems have been fixed in version 1.6.5-1+deb9u1. We recommend that you upgrade your znc packages. For the detailed security status of znc please refer to its security track ...
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins directories and to cause DoS ...