Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2018-14056 - log back

CVE-2018-14056 created at 25 Sep 2019 19:31:40

Severity

+

Medium

Remote

+

Remote

Type

+	Directory traversal

Description

+	ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins directories and to cause DoS.

References

+	https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
+	https://marc.info/?l=oss-security&m=153190593904101

Notes

+	Upgrade to 1.7.1, or disable HTTP via `/msg status AddPort`, `/msg status DelPort` commands.