CVE-2018-14056 — Path Traversal in ZNC

Severity

5.3MEDIUMNVD

EPSS

0.7%

top 28.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 15

Latest updateMay 14

Description

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

▶debiandebian/znc< znc 1.7.1-1 (bookworm)

▶Debianznc/znc< 1.7.1-1+3

▶NVDznc/znc1.7.0

Also affects: Debian Linux 9.0

GHSA

GHSA-8c55-2mpc-h6vf: ZNC before 1↗2022-05-14

▶

OSV

CVE-2018-14056: ZNC before 1↗2018-07-15

▶

Debian

CVE-2018-14056: znc - ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin nam...↗2018

▶