CVE-2018-14056

Published: 15 July 2018

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

Priority

CVSS 3 base score: 5.3

Status

Package	Release	Status
znc Launchpad, Ubuntu, Debian	Upstream	Released (1.7.1-1)




	Ubuntu 18.04 LTS (Bionic Beaver)	Released (1.6.6-1ubuntu0.1)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1.6.3-1ubuntu0.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [1.2-3ubuntu0.1])

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.