Your submission was sent successfully! Close

CVE-2018-14036

Published: 13 July 2018

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
accountsservice
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (0.6.45-1ubuntu1.3)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(0.6.55-0ubuntu10)
focal Not vulnerable
(0.6.55-0ubuntu10)
groovy Not vulnerable
(0.6.55-0ubuntu10)
precise Does not exist

trusty
Released (0.6.35-0ubuntu7.3+esm2)
upstream
Released (0.6.50)
xenial
Released (0.6.40-2ubuntu11.6)