CVE-2018-14056 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Directory traversal |
| Description | ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins directories and to cause DoS. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-737 | znc | 1.7.0-2 | 1.7.1-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Jul 2018 | ASA-201807-11 | AVG-737 | znc | High | multiple issues |
| References |
|---|
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773 https://marc.info/?l=oss-security&m=153190593904101 |
| Notes |
|---|
Upgrade to 1.7.1, or disable HTTP via `/msg *status AddPort`, `/msg *status DelPort` commands. |