AVG-737

Package znc
Status Fixed
Severity High
Type multiple issues
Affected 1.7.0-2
Fixed 1.7.1-1
Current 1.7.2-1 [community]
Ticket None
Created Wed Jul 18 12:19:29 2018
Issue Severity Remote Type Description
CVE-2018-14056 Medium Yes Directory traversal
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins...
CVE-2018-14055 High Yes Privilege escalation
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue...
Date Advisory Package Description
19 Jul 2018 ASA-201807-11 znc multiple issues
References
https://wiki.znc.in/ChangeLog/1.7.1