Your submission was sent successfully! Close

CVE-2018-14056

Published: 15 July 2018

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
znc
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (1.6.6-1ubuntu0.1)
precise Does not exist

trusty Does not exist
(trusty was released [1.2-3ubuntu0.1])
upstream
Released (1.7.1-1)
xenial
Released (1.6.3-1ubuntu0.1)