Candidate: CVE-2018-14056
PublicDate: 2018-07-15 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14056
 https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
Description:
 ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web
 skin name to access files outside of the intended skins directories.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903788
Priority: medium
Discovered-by:
Assigned-to: amurray
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_znc:
upstream_znc: released (1.7.1-1)
precise/esm_znc: DNE
trusty_znc: released (1.2-3ubuntu0.1)
trusty/esm_znc: DNE (trusty was released [1.2-3ubuntu0.1])
xenial_znc: released (1.6.3-1ubuntu0.1)
artful_znc: ignored (reached end-of-life)
bionic_znc: released (1.6.6-1ubuntu0.1)
devel_znc: released (1.7.1-1)